News, opinions and analysis to assist in professional liability risk management from the Technology, Media and Business Services Group.

From the underwriting desk
Are your clients encrypting portable devices?
If your clients are not encrypting data stored on portable devices, then they should be planning to implement encryption. Below are three reasons why:

1. It’s the law for Massachusetts!
And, the law doesn’t just apply to businesses located in Massachusetts. The law applies to any business that owns or licenses “personal information about a resident of the Commonwealth of Massachusetts.”

2. Susan McAndrew recommends it!
Ms. McAndrew is the deputy director for privacy in the Office for Civil Rights which is a part of the Department of Health and Human Services. The Office for Civil Rights is preparing to start HIPAA Security Rule enforcement, and will be implementing compliance audits of healthcare organizations and their business associates later this year.

Read a recent interview with Ms. McAndrew at Healthcare Information Security here.
3. Password protection and tracking devices may not be adequate!
Tracking devices can be a valuable tool to recover lost computer hardware and minimize the expense of replacing computer hardware that is lost or stolen. With that said, in our view tracking devices have serious flaws as a risk control to prevent a notification obligation. As attorney John Mullen, of Nelson Levine de Luca & Horst LLC, explains: “once you lose control of the data, the chain of custody is broken. At that point, it’s likely that you have an obligation to notify the consumer under a data breach notification law. While it is true that some notification laws often allow for interpretation, the safer view is to lean toward notifying in this circumstance.”
Recent Headlines

Data security and privacy
Data Security Breach Bill Calls for Strict Notification Requirements
Analysis: Healthcare Breach Costs May Reach $800 Million
Tinos diners hit by credit card hackers
VA Posts Monthly Data Breach Reports Online
Broward College students warned of ID theft risk after leak
Texas Bank Blamed for Security Breach
Data Breaches Continue to Plague Health Care Orgs

Media liability
Google Off the Hook for Some Perfect 10 Links
Viacom to appeal YouTube copyright infringement ruling
Henley wins settlement in copyright case
Hefty sues Glad for trademark infringement
US judge orders closure of unlicensed lyric sites
Bellagio hotel suing mattress producer Magniflex over trademark
US libel protection laws approved

Technology risk issues
Blizzard: StarCraft II tournaments are copyright infringement
Thousands of State Farm and AAFES Customers Erroneously Billed
Computer glitch hits Va’s DMVs
Former Diebold e-voting unit settles Ohio lawsuit
Marin County to scrap $30 million software system
Accenture denies British Gas ‘millions of errors’ billing system claim

This newsletter is intended for informational purposes only and does not provide legal advice. You should consult your legal advisor if you have questions or concerns relevant to your specific situation. Any references to conferences or links to web sites not sponsored by Beazley is for informational purposes only and is not an endorsement of the activity or site.

Beazley offers a variety of information security & privacy insurance products, including the Beazley Information Security & Privacy Beazley offers a variety of information security & privacy insurance products, including the Beazley Information Security & Privacy Insurance With Electronic Media Liability Coverage (“Beazley InfoSec”). Beazley InfoSec is available on an admitted basis in a limited number of states. Where information security & privacy insurance is sold on a surplus lines basis, this coverage must be produced through a properly licensed surplus lines broker.