ECJ Daily Cyber Byte – May 20, 2015

ECJ Data Security Byte

Companies should review their insurance policies, specifically related to privacy claims and privacy regulation proceedings, in order to determine whether there are any provisions that preclude coverage for “failure to follow minimum required [cybersecurity] practices.” As stated in a recent Business Insurance article, the insurance company Columbia Casualty, a unit of CNA Financial Corporation, is seeking a declaration that it is not obligated to provide coverage to an organization that suffered a data breach, due to a exclusion in the policy that precludes coverage for “failure to follow minimum required practices.” The organization allegedly failed to install encryption or take other security measures to protection sensitive personal information. Click here.

ECJ Data Security Definition

Multifactor Authentication – Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-53

ECJ Privacy & Data Security Law Workgroup

Patrick A. Fraioli, Jr.