data security – Premier Risk Management

You Never Know Who is Looking Over Your Shoulder

Recently there was an article about a security chief who was alleging wrongdoing against the company he worked for. He accused the company of not doing all it could do to protect client information. The accusation was that they performed only 27% of the minimum intrusion prevention, data leakage and encryption, and other security measures needed to protect its customers’ sensitive information.

The story gets more complicated…he was fired and all kinds of allegations were leveled against him as well, needless to say – what a mess.

A couple of takeaways jump out:

First: As a corporation/company, are you doing all that you can do to protect personal information of clients, customers and employees? This is a very hot topic, we read about cyber breach just about every day in the paper or hear about them in the news. It is incumbent on the management team, board and other people in positions of responsibility to make sure that appropriate measures are being taken to protect the entity against such intrusive breaches. This also speaks to the heart of D&O insurance and fiduciary duty. As a director or officer you have been charged with the overall stewardship of the organization and thus any breach of duty will fall directly on your shoulders. The type of litigation mentioned in this article is very expensive. Enough said.

Second: Understand your employment practices liability. Here the employer is being sued because of a wrongful termination claim apparently due to the employees “whistle blowing”. Again, these types of actions can get very expensive. Sometimes employment practices liability policies share the same limit with the D&O – I’m not say this is good or bad – but potential exposures must be evaluated to make sure appropriate limits are purchased.

Third: This type of lawsuit especially in a public forum can dramatically damage a company’s reputation. Imagine word getting out that the company you are counting on to protect your personal information is not doing all they should be to protect it.

To wrap this up I would ask… Have you done all that you can do as a company to protect your clients, customers and reputation against harm – from without and from within?