It has been reported that the law firm Mossack Fornseca filed a complaint against one of its employees. That employee was arrested in Switzerland on data theft charges. Computer equipment was also seized by authorities. At this point it is not clear if this arrest and the leak of the Panama papers is linked.
No matter how well a law firm protects its self from intrusions of hackers from the outside. The greatest threat remains employees in the firm. They have the access and knowledge to steal data from a firm. As with the theft from an operating account or trust account, a firm would never go without the proper insurance coverage to protect themselves from a theft of funds. But many firms have no or inadequate insurance protection for the theft of data from the firm and the costs to address that theft.
Depending on the type of law a firm practices, the data theft may include; personal data such as dates of birth, social security numbers, driver’s license numbers, credit card information, medical records, legal records, accounting records, tax records and/or other information entrusted to the organization cost the firm? Release of this information can open up the organization to violation of HIPPA, Granm-Leach-Billey Act, or other state privacy legislation that can open up the firm to law suits for damages.
Relying on coverage through The Law Firm’s Business Owners & Lawyers Malpractice Insurance will leave hole in your coverage.
A good Data Breach/Cyber Liability Insurance offers 1st party and 3rd party coverage. It needs to respond to the following exposures:
1st Party Claims
1. Incident Response Services
2. Ransom demands to unlock your system.
3. Notification requirements costs from federal & state laws & regulations to your clients that have suffered a data breach
4. System assistance in restoring your systems and data
5. Loss of income for the time that it takes to recover from a data breach
6. Harm to reputation & goodwill
7. Crisis Management and public relations costs
3rd Party Claims
1. Damages to clients that have suffered a data breach
2. Cost of defense to defend you from these claims
3. Regulatory Violations, fines and penalties that may be accessed against the firm