ECJ Data Security Byte
Companies should review their insurance policies, specifically related to privacy claims and privacy regulation proceedings, in order to determine whether there are any provisions that preclude coverage for “failure to follow minimum required [cybersecurity] practices.” As stated in a recent Business Insurance article, the insurance company Columbia Casualty, a unit of CNA Financial Corporation, is seeking a declaration that it is not obligated to provide coverage to an organization that suffered a data breach, due to a exclusion in the policy that precludes coverage for “failure to follow minimum required practices.” The organization allegedly failed to install encryption or take other security measures to protection sensitive personal information. Click here.
ECJ Data Security Definition
Multifactor Authentication – Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-53