In honor of Data Privacy Day, Cyber Data Risk Managers asked top industry experts their thoughts on what they think, feel and should happen in 2013 as it pertains to Data Privacy, Information Security and Cyber Insurance and what steps can be taken to mitigate risk.
Cyber Data Risk Managers asked many top privacy and data security experts, including Dr. Larry Ponemon, Rick Kam, Richard Santalesa and Bruce Schneier, their thoughts on what to expect in 2013. OlenderFeldman LLP contributed the following quote:
2012 was notable for several high-profile breaches of major companies, including LinkedIn, Yahoo!, and Zappos, among others. As businesses move more confidential and sensitive data to the cloud (especially in the aftermath of Hurricane Sandy’s devastation and the havoc it wreaked on businesses with locally-based servers), data security obligations are of paramount importance. Businesses should expect more notable data breaches, more class-action lawsuits, and federal legislation concerning data breach obligations in 2013.
To protect themselves, business should: (i) require that cloud providers and other third-party vendors provide them with a written information security plan containing appropriate administrative, technical and physical security measures to safeguard their valuable information; and (ii) ensure compliance with those obligations by drafting appropriate contractual provisions that delineate indemnification and data breach remediation obligations, among others. In particular, when using smaller providers, businesses should consider requiring that the providers be insured, so that they will be able to satisfy their indemnification and remediation obligations in the event of a breach.
Give the 2013 Data Privacy, Information Security and Cyber Insurance Trends report a read.