Reviewing Data Breach Insurance In Vendor Agreements

Oct 25, 2016

Many cybersecurity laws and privacy laws apply to companies that use customers’ personal information, and all companies have proprietary business information that theyis haves a duty to protect. Consequently, companies can be vulnerable to liability claims from customers, shareholders, directors, and regulators in the event of a data breach. Such liability is not automatically transferred when using vendor’s to process such information. Therefore, vendors should carry adequate data breach insurance when processing a customers’ information.

Data breach insurance can cover costs related to identity protection solutions, retaining counsel, performing investigations, public relations campaigns, and other expenses associated with a data breach. In entering an agreement with a vendor, entrepreneurs should review and assure that the vendor has the appropriate insurance related to a breach of the company’sies information. When reviewing an agreement for appropriate insurance, it would be helpful to ask the following:
(1) If a customer’s data is lost, stolen, or misused, how will the vendor compensate the company?

(2) Is the vendor insured with the appropriate coverage types?
(3) Is the vendor insured at the appropriate amounts?
(4) Are the insurance requirements illustrated in the agreement?
(5) Is the company named as a beneficiary?

Generally, strong privacy and security controls are required to obtain data breach insurance. Because vendors can be a source of a breach of its customers’ information, a company has an obligation to ensure that the vendors processing such information haves the means to help the company mitigate costs when a data breach occurs. Employing the advice of an attorney familiar with reviewing insurance and security terms in vendor agreements can help ensure that the appropriate terms are drafted in the agreement in order to mitigate the costs of a data breach.

Heliane Fabian