The 2011/2012 Judicial Hellholes report from the American Tort Reform Foundation identifies Philadelphia at the top of the list, followed by California, West Virginia and South Florida.  Two counties in Illinois, Madison and St Clair, round out the top five.  The top four do not appear to have changed from the 2010/2011 report but there has been some shifting around for fifth place.  Cook County IL, the previous holder of fifth place, has been moved all of the way off the rankings to the watch list.   The report reasons the lack of civil justice reform keeps it on the watch list but since it experienced a relatively low-key year, it was allowed to fall from fifth place.  Of note, Madison County IL was previously on the watch list but moved clear up to a fifth place ranking due in part to the large number of asbestos related cases. 

Insurance Journal recently reported on a survey by Towers Watson indicating that the majority  of companies do not buy cyber insurance.   The report, 2012 Risk and Finance Manager Survey, shows over  7o percent of those surveyed are not buying network security /privacy liability policies.  According to the survey, this number has not changed significantly from the previous year and when coverage is purchased, lower limits are procured, with about 40% of the buyers opting for limits of 1 to 5 million. 

Click to read more ...

The California Attorney General’s Office recently announced a new privacy agreement with major mobile app platforms.  The announcement notes the already existing California Online Privacy Protection Act does apply to mobile applications.  So, mobile apps in use by California residents are required to include a privacy policy if personally identifiable information is collected.  The penalty imposed on app developers and app platforms for non-compliance is reported to be up to $500,000 per use of the offending app. The Attorney General’s announcement suggests privacy policies are not typical to mobile apps, with stats indicating that just five percent of all mobile applications include a privacy policy.  Of course having a privacy policy does not ensure data will remain private.  It could; however, help eliminate surprises like the ones reported recently regarding private info use in a Twitter app and in Apple iOS applications. 

As previously discussed, the cost per lost record for a data breach is $214 (according to a 2010 Ponenom Institute study).  Now, Experian Data Breach Resolution and Ponenom Institute have released results of their study on the  Aftermath of a Data Breach.  This study polled more than 500 IT professionals about one key data breach at their companies.  Highlights of some of the results:

-Half of the breaches were caused, where cause could be identified, by insiders (primarily negligent but 16 percent were reported as being caused by malicious insiders).

-60 percent of respondents indicated data lost or stolen was not encrypted.

-Over 60 percent of respondents said their companies did not offer credit monitoring services following the data breach.

-Respondents felt the best course of action to minimize the negative impact of the breach included hiring legal counsel, evaluating the harm to victims and hiring forensic experts.

Based on these highlights, insurance options that provide for forensic expert expenses and do not exclude breaches when arising from unencrypted data could be some of the more attractive coverage options for buyers.  Read more coverage considerations for privacy/security exposures.

We’ve discussed Terms of Service agreements in the past but a recent article in Smart Money magazine highlights some of the difficulties these and other fine print type agreements impose on the user.  Just a few interesting statistics from the article:

—The number of words in software licenses contracts has increased by 40 percent in the past 7 years.

—Transparency Labs (which is starting a web-based service designed to translate America’s largest corporate contracts into easier to understand text for free) estimates the cost of info not readily seen inside disclosures costs each household in the U.S. at least $2,000 a year.

—In a study related to research  conducted by John Marshall Law School and DePaul University regarding if the fine print is actually read prior to agreeing to it, over 90 percent of participants signed a contract saying they would do push-ups on demand and give other participants electric shocks.

While the article does not touch on fine print used in the professional liability insurance world, it certainly must exist.  In fact, we have some at the bottom of this blog. 

It’s that time of year again when predictions are made for top security threats for the upcoming year.  CNet offers up 5 key threats including malicious Android apps, utility hacking, hacktivism, e-voting security issues and increasing privacy exposures due to over-sharing of personal info via social networks.  As noted by Network World, Gartner also includes hacking as an increasing exposure in its IT predictions for 2012.  Specifically, it suggests hackers will generate new attack methods that along with new software vulnerabilities could generate a 10 percent growth in the financial impact of cybercrimes each year until 2016.  According to ZDNet, the 2012 threat predictions from McAfee also include mention of hacking and mobile phones.  Further, McAfee suggests other devices may be targeted such as GPS tracking and medical devices.  While spam may not have appeared at the top of the prediction lists for the last couple of years, McAfee does mention the possibility of spam increasing in 2012.  To review previous predictions, use the links below.

Security Threat Predictions for 2011

Security Threat Predictions for 2010

There is an interesting exchange on Eric Goldman’s Technology and Marketing Law Blog re corporate policies requiring employees to submit to their mobile phones being wiped in the event the phone is lost or stolen or the employee is suspected of compromising trade secrets.  The intriguing part of the policy is that it applies to personal phones used for company purposes, such as checking company email.  We have discussed the use of corporate and personal devices in the past in relation to what a company can control; however, this discussion raises more questions about what companies are allowed to do or even should do in relation to an employee’s personal phone. 

Click to read more ...