I know there is insurance that can help with data security breaches. Whilst it may not help with any fines it can help with things such as the cost of investigating the breach, legal costs and the cost of notifying affected parties.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 13 January 2014 10:56
To: [log in to unmask]
Subject: Re: [data-protection] Insurance for data breaches
I know that the FSA have introduced a specific rule forbidding insuring against their fines: this is because, although the law is unclear, it may be that it is unlawful to insure against a civil penalty (it is certainly unlawful to insure against a criminal penalty). I suspect that insurers and insured might not want to take the risk of entering into a policy that might not be enforceable. I don't know if ICO has pronounced on this?
This is what the FSA say:
"It is true that, for public policy reasons, a contract of insurance that purports to insure against the risk or consequences of the insured being found liable for a deliberate wrong is void and unenforceable. One cannot therefore enter into a binding contract of insurance against a criminal fine. It might also be impossible (at common law and for the same reasons) to validly insure against a civil fine, at least to the extent that that fine is imposed for a deliberate, or fraudulent, act or omission.
However:
• there are no decided cases on the legality, in the United Kingdom, of insurance against a civil fine;
• most of the academic texts suggest that the Courts would probably find that it is possible to enter into a binding contract of insurance against the risk of receiving a civil fine, at least to the extent that that fine is imposed for a negligent, or nonfraudulent, act or omission; and
• even if it was not possible to enter into a binding contract of insurance, the only risk that a firm would take, in purporting to do so, would be the risk that its contract would be unenforceable. There are no other legal sanctions – unless, for example, we could also show that in purporting to enter into such a contract, an authorised firm had breached our rules"
http://www.fsa.gov.uk/pubs/policy/ps191.pdf
Jonathan Baines
Complaints and Information Rights Officer
Legal and Democratic Services
Buckinghamshire County Council
01296 383681
Follow us on twitter @buckscclegal
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Lynn Wyeth
Sent: 13 January 2014 10:42
To: [log in to unmask]
Subject: [data-protection] Insurance for data breaches
Has anyone had any experience of insurers refusing to cover for data breaches?
Our Council insurance covers us for costs, civil claims etc (but not fines), but some of our suppliers, especially just data processors, have come up against some barriers when trying to get insured recently.
Anyone any recommendation for smaller businesses that do such cover?
Thanks
Lynn
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^