All 50 states have enacted laws to protect individual personal information, and these laws have been updated and strengthened in recent years as threats have increased and breach incidents have become more common.
It's an almost impossible challenge to keep current on the requirements of all of these laws.
How might differences in state and federal laws impact you?
If you cover workers and participants who live in a neighboring state, you'll have to comply with both states’ laws if a cyber breach occurs. If you've got a larger footprint, you might have to consider three or four states’ laws.
Add in retirees who have relocated some distance and the complexities multiply further.
PII and PHI can be used to access participants’ assets or sold to scammers. Cyber criminals may also plant viruses that lock up fund office systems until a ransom is paid and, in most cases, leave systems in disarray.
Cyber liability insurance provides limits of liability that can help pay the cost of notification, provide coverage for other associated costs and provide liability insurance protection should the plan or its fiduciaries be sued.
Firewalls and complex logins help, but a large percentage of breaches occur because of errors made by people rather than computers. Lost laptops or data storage devices, as well as improperly disposed paper records, are all high risk.
Fiduciary liability and other policies aren’t designed to protect against cyber liability claims.
And, because those policies do not focus on cyber crimes, they do not offer the additional services and first party costs found in most cyber liability policies.
What first steps should we consider?
Information security is crucial. Policies and procedures should be reviewed and strengthened. Data encryption, if not already in place, should be implemented.
Insurance coverage should also be reviewed annually in terms of both coverage levels and policy features.