Data Theft is Expensive

It is reported that the parent company of TJ Maxx and Marshalls has reached a settlement with 41 states that have been investigating the company after a data breach that exposed millions of consumer credit and debit accounts from 2005 to 2007. TJX Companies, Inc. will pay $9.75 million to the 41 states to resolve the claims and investigations.

This is a good reminder that data breach insurance or privacy insurance can be critical for businesses that handle large amounts of confidential data. Retail stores, financial institutions and health care organizations are particularly at risk. Most states have strict privacy and confidentiality laws that are on top of federal laws and companies with interstate operations can find themselves subject to many different standards.

Last year, AON Corporation created a whitepaper that is a must read for risk managers in companies with a high risk of data theft. Consider AON's reported statistics on data theft: "The total number of data breach victims in 2006 exceeded the 100 million mark (100, 453, 058) - one record for roughly every three Americans . The severity of data breaches increased in 2007." And, those figures increased again in 2008. Although state standards differ, most states require the business to take precautions to protect consumer data and hold businesses strictly liable when such breaches occur.

Privacy and data breach insurance can cover damages in the event of a malicious data breach. Insurers providing coverage may also provide security audits to determine if security precautions are sufficient. While the coverage is evolving and businesses need to review any potential policy carefully, the coverage can limit risks associated with handling sensitive data.