Print

Print


Michael asked "Where can I obtain information about security insurance as pertains to e-discovery vendors? In particular, I am  wanting to learn more about insurance coverage and limits for cybersecurity incidents that arise while the data is in the custody or control of third parties."



A few years ago, I incorporated this type of insurance in a City-wide contract for off-site storage of records; not the identical situation, but perhaps close enough. Here's the language I used:



15.4.3.            Security and Privacy Insurance with limits of at least $250,000 per occurrence and $1 million aggregate. The City, together with its officials and employees, shall be named an Additional Insured.



15.4.3.1.         NOTE:  While Security and Privacy Insurance may have begun as specifically-applicable to "cyber exposure", according to insurance industry information, it is today more generally-applicable to the unauthorized release of information, regardless of the medium on which that information is carried (see, for example, http://www.zurichna.com/zna/products/product/securityandprivacy.html). This insurance needs to cover the consequences of the unauthorized release of information.



NOTE:  the Zurich URL cited above is out of date; the current URL is http://www.zurichna.com/zna/securityandprivacy/securityandprivacy.htm



Also, I benefited greatly from the advice of Kenneth Fontana; his email was [log in to unmask]<mailto:[log in to unmask]> (not sure if this is his current email address; if not, you can find him on LinkedIn).



I hope this helps.



Fred

------------------------------------------------------------------------------------

Frederic J. Grevin

Vice-President, Records Management

New York City Economic Development Corporation

www.nycedc.com<http://www.nycedc.com>

[log in to unmask]<mailto:[log in to unmask]>

212-312-3903 (w)



List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]