Allocating Risk for Privacy and Data Security in Commercial Contracts and Related Insurance Implications
Presented by: Selena J. Linde, George Galt, Aaron Coombs
June 23, 2016
Perkins Coie LLP

Presenter: Selena Linde

Selena Linde is a Partner in Perkins Coie's Insurance Recovery Practice and is a primary author and editor of the Association of Corporate Counsel's Policyholders Primer on Insurance. Ms. Linde has been honored as one of twenty-five worldwide recipients of Business Insurance's Women to Watch, one of eleven National Insurance Stars and one of the top 150 Women Litigators by Benchmark Plaintiff. Ms. Linde has recovered more than a billion dollars for her clients and has an active trial practice representing policyholders in complex insurance coverage cases throughout the country and an equally active arbitration, mediation, and counseling practice.

Selected representations include:
- Lead Coverage Counsel for a Global 50 Pharmaceutical (D&O Claims related to Government Investigations and Anti-Trust Suits)
- Lead Coverage Counsel for Hospitality Company (Data/Privacy and Property Claims)
- Lead Coverage Counsel for Residential Capital (E&O and D&O Claims related to packaging of mortgage backed securities)
- Lead Counsel NorthWestern Energy (CGL, D&O, Property, and EPL Claims)
- Co-lead Counsel Motors Liquidation Trust (CGL claims related to historical asbestos and environmental liability for pre-bk General Motors)

Join Ms. Linde's LinkedIn network for updates and articles on insurance coverage topics. She can be reached directly at (202) or SLinde@perkinscoie.com.

Presenter: George Galt

George Galt is an Assistant General Counsel at AOL where he supports the advertising group. In that capacity, he negotiates agreements regarding data gathered through websites, applications and business interactions. Prior to AOL, George was the Associate General Counsel at The Associated Press managing the business transactions unit. He provided legal support for AP's efforts to gather behavior data regarding news usage and helped AP to develop a rights expression language to support automated content transactions. Prior to AP, George was in private practice at Drinker, Biddle & Reath. He can be reached at george.galt@teamaol.com.

Presenter: Aaron Coombs

Aaron Coombs is Counsel in Perkins Coie's Insurance Recovery practice group. He has helped clients maximize their insurance assets under many different types of policies from spacecraft to cyber, property to casualty, and many others. He routinely counsels clients when purchasing insurance, and has extensive proficiency in identifying gaps in coverage and negotiating the terms and conditions for cyber-risk and management liability (D&O) insurance policies. He also helps clients with additional insured and contractual indemnification issues. Aaron has helped clients recover insurance proceeds for product liability claims, product recalls, government investigations, employment discrimination, as well as cases involving alleged violations of the Fair Labor Standards Act, Sherman Antitrust Act, and False Claims Act. Aaron is currently working on several cyber-risk insurance claims for clients that experienced malicious hacking attacks, as well as several product recall claims. He can be reached directly at (202) or Acoombs@perkinscoie.com

Introduction
- Heightened state of data and IT security
- How to protect your company
- Landscape of contract negotiations on data and IT security
- Avoiding the pitfalls of 3rd parties dictating your company's policies: allocation of risk and contract tips

Heightened State of Data and IT Security
- Public Breaches
- Regulators
- What is Data?
- What is PII?

How Do You Protect Your Company?
- Breach response plan
- Insurance: application requirements, problematic exclusions

Contract Negotiations on Data & IT Security
- Broadened clauses of indemnification
- Third party standards
- Security audits
- Reps and warranties

Allocation of Risk and Contract Tips
- Your own insurance policies
- Your contracts

Cyber Risk/Privacy Policies: Coverage Grants Vary Greatly
- "First-Party" Coverage:
  - Losses due to destroyed or damaged data; data restoration
  - Business Interruption
  - Extortion demands
- "Third-Party" Coverage
  - Privacy Liability
  - Unauthorized disclosure of confidential information
  - Costs to investigate breaches, satisfy notification obligations, defend against regulatory proceedings

Available Coverage Components
- Network Security Liability: Third-party liability resulting from a failure of your network security to protect against destruction, deletion or corruption of a third party's electronic data, denial of service attacks against internet sites or computers; or transmission of viruses to third-party computers and systems.
- Privacy Liability: Liability to a third party as a result of your failure to properly handle, manage, store or otherwise control personally identifiable information, corporate information identified as confidential and protected under a nondisclosure agreement and unintentional violation of privacy regulations.
- Crisis Management & Identity Theft Response Fund: Expenses to comply with privacy regulations, such as communication to and credit monitoring services for affected customers. This also includes expenses incurred in retaining a crisis management firm for the purpose of protecting/restoring your reputation as a result of the actual or alleged violation of privacy regulations.
- Cyber Extortion: Ransom or investigative expenses associated with a threat directed at you to release, divulge, disseminate, destroy, steal, or use the confidential information taken from the insured; introduce malicious code into your computer system; corrupt, damage, or destroy your computer system; or restrict or hinder access to your computer system.
- Network Business Interruption: Reimbursement of your own loss of income and/or extra expense resulting from an interruption or suspension of your systems due to a failure of network security to prevent a security breach.
- Data Asset Protection: Recovery of your costs and expenses incurred to restore, recreate, or regain access to any software or electronic data from back-ups or from originals or to gather, assemble and recreate such software or electronic data from other sources to the level or condition in which it existed immediately prior to its alteration, corruption, destruction, deletion, or damage.

Negotiate Insurance Policy Language: Coverage Grants Vary Greatly
- No standard form language
- Customize and do not buy off-the-shelf policies
- Ensure your policy covers cyber losses not resulting from theft
- Review proposed policy language with a critical eye
- Who is the insured?
- How are defense costs treated?
- Who chooses defense counsel and breach response firms?
- What is the retroactive date?
- Are you comfortable with the proposed sublimits?

Negotiate Insurance Policy Language: Be Wary of Certain Exclusions
- Terrorism and war
- Regulatory actions
- Breach of contract (PCI-DSS?)
- Fines and penalties
- Third-party vendor
- Insured vs. insured
- Misappropriation of intellectual property

Eliminate Duplicate Coverages

Do Your Traditional Policies Cover Cyber/Privacy Risks?

Many Facets of a Data Breach: Multiple Policies May Respond
- Errors & Omissions (E&O)/Professional Liability
- Directors and Officers (D&O)
- Fidelity
- Commercial General Liability
  - New ISO CGL data breach exclusions
- Property
- Other Policies/Indemnification Agreements

Model Contract Provisions: Privacy, Data Security, and Insurance
- Framework to address privacy and data security and insurance in the context of an agreement between Company and a service provider or vendor
- Vendor/service provider will have access to Company information, information related to Company information or other confidential information of Company

Model Contract Provisions: Privacy, Data Security, and Insurance
- NOTE: sample provisions must be tailored and supplemented to fit particular facts and circumstances
- If Company will also be hosting vendor data, you may not be willing or able to make mutual many of the provisions we will discuss, because hosting or storing information on behalf of other companies is not Company's business.

Model Contract Provisions: Privacy, Data Security, and Insurance
- Confidentiality Provisions
- Security of Personal Information Provisions
- Establishing Contractual Insurance Provisions

Confidentiality Provisions
- Definition
- Marking
- Survival
- Return or Destruction
- Boilerplate Confidentiality Carve Outs
- Ownership and Use

Confidentiality Provisions
- Definition of Confidentiality
  - Must capture all sensitive data
  - Also protect information that a party should reasonably understand to be of a confidential nature
- Marking
  - Tangible medium
  - Specify handling procedures
  - Oral Information

Confidentiality Provisions
- Survival
  - Must survive termination of the Agreement (non-negotiable)
- Ownership and Use
  - Limit to purpose for which it was provided
  - Specify recipient does not own

Confidentiality Provisions: Return or Destruction
- Company should elect at time of termination or request
- Consider confidential information will be transmitted, and where copies may be retained (i.e. / corporate server backups, etc.)
- Certificate of destruction

Confidentiality Provisions: BE CAREFUL of Boilerplate Carve-Outs
- Typically carve out certain information
  - Publicly available through no fault of Vendor/Service Provider
  - Disclosed via breach or other wrongful act: provisions still apply to the use of the information

Security of Personal Information Provisions
- Company Information
- Representations, Warranties and Covenants
- Audit rights
- Remedies for breach
- Security Breach Notification
- Subcontractors and Flow-Down Provisions
- Location of Data/Employee Issues
- Disaster Recovery

Company Information

Company exclusively owns all Company Information. "Company Information" is any information about persons or entities that Vendor obtains in any manner from any source under this Agreement, which concerns prospective and existing customers or employees of (1) Company, (2) Company's affinity marketing partners, (3) Company's contracting parties and (4) Company's suppliers. Company Information includes, without limitation, names, addresses, telephone numbers, addresses, social security numbers, credit card numbers, call-detail information, purchase information, product and service usage information, frequent flier information, account information, credit information, demographic information and any other personally identifiable information. Company Information is the Confidential Information of Company under the Agreement.

Vendor (a) may collect, store, access, use, process, maintain and disclose Company Information only to fulfill its performance obligations under the Agreement and for no other purpose, and (b) shall, without limiting any other obligations applicable to Company Information hereunder, treat all Company Information as Confidential Information of Company. For this Agreement, the acts or omissions of Vendor and anyone with which it is associated (e.g., employees of Vendor and its subsidiaries and affiliates, and Vendor's agents and approved contractors and subcontractors, and their respective employees) are Vendor's acts or omissions.

Representations, Warranties and Covenants: Compliance with Applicable Laws

Vendor hereby represents and warrants that it is and will remain in compliance with all applicable domestic laws, including without limitation any national, regional and local laws, and all applicable international laws ("Applicable Laws") and that it will not cause Company to be in material violation of any Applicable Laws.

Vendor represents and warrants that Vendor is not and has not been a party to any current, pending, threatened or resolved enforcement action of any government agency, or any consent decree or settlement with any governmental agency or private person or entity regarding any Security Breach (defined below) or otherwise regarding data privacy or information security.

Representations, Warranties and Covenants: Compliance with Industry Rules or Guidelines

If Vendor processes, stores, transmits or has access to Company Information that includes payment information (including, without limitation, credit card, debit card, or financial account information), Vendor represents and warrants that it is, and will remain, in compliance with the data security rules of any applicable payment network or organization, including, but not limited to, (1) the Payment Card Industry Data Security Standard for protecting credit and debit cardholder information, as the same may be amended, updated, replaced or augmented, and (2) the NACHA Operating Rules, developed and administered by NACHA, The Electronic Payments Association, for protecting financial account information and the Automated Clearing House network, as they may be amended, updated, replaced or augmented.

Representations, Warranties and Covenants
- Vendor should be required to:
  - Use administrative, physical and technical safeguards that prevent any unauthorized collection, use or disclosure of, or access to, Company Information
  - Implement and maintain an information security program to protect Company Information
- Can be covenant or representation and warranty
- Strict Liability
- Vendor fully responsible

Representations, Warranties and Covenants: Security

Vendor is fully responsible for any authorized or unauthorized collection, storage, disclosure and use of, and access to, Company Information.

Vendor shall implement and maintain administrative, physical and technical safeguards ("Safeguards") that prevent any collection, use or disclosure of, or access to, Company Information that this Agreement does not expressly authorize, including, without limitation, an information security program that meets the highest standards of best industry practice to safeguard Company Information. Such information security program will include, without limitation, (i) adequate physical security of all premises in which Company Information will be processed and/or stored; (ii) reasonable precautions taken with respect to the employment of and access given to Vendor personnel, including background checks and security clearances that assign specific access privileges to individuals, training employees on the proper use of Vendor's computer systems and the importance of personal information security, and restricting access to records and files containing Company Information to those who need such information to perform their job duties; and (iii) an appropriate network security program, including designation of one or more employees to coordinate the security program, monitoring of systems for unauthorized use of, or access to, personal information, appropriate access and data integrity controls, testing and auditing of all controls, appropriate corrective action and incident response plans, and encryption of all records and files containing personal information that will travel across public networks, be transmitted wirelessly, or be transmitted outside of the secure system of the business; and (iv) encryption of all Company Information stored on laptops and other portable devices.

Representations, Warranties and Covenants: Compliance with Company Policies
- Vendor should comply with your company's written privacy and security policies
- Provide policy not less than 30 days prior to effective date of policies
- Compliance does not relieve Vendor of duties to protect Company Information or other Confidential Information

Representations, Warranties and Covenants: Prior Audits
- Require vendor to represent and warrant that its network, systems and premises have undergone annual audits
- Audits did not reveal vulnerabilities!
- What if Vendor objects to materiality standard?
- Will vendor agree to use language of audit standard?
- Provide copies of audits? Provide summaries?

Representations, Warranties and Covenants: Disclosure of Prior Breaches
- Require vendor to represent and warrant no prior security breaches or disclosure
- Prior enforcement actions?
- Non mutual provisions

Representations, Warranties and Covenants: Disclosure of Prior Breaches

Vendor represents and warrants that the Vendor Systems have (a) not suffered any actual, probable or reasonably suspected breach of any safeguards or of any other actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any information maintained on the Vendor Systems (each, a "Security Breach"); or (b) if the Vendor Systems have suffered one or more Security Breaches, that Vendor has disclosed each Security Breach to Company.

Vendor represents and warrants that Vendor is not and has not been a party to any current, pending, threatened or resolved enforcement action of any government agency, or any consent decree or settlement with any governmental agency or private person or entity regarding any Security Breach or otherwise regarding data or information security.

Representations, Warranties and Covenants
- NO overriding disclaimers!

Audit Rights
- Is Vendor hosting sensitive or mission critical data?
- Annual 3rd party audits
- Report audit results
- Promptly correct vulnerabilities
- Right to terminate for breach of this provision?
- Liquidated damages?

Audit Rights
- Independent Auditor
- Costs
- Visitation and Inspection Right

Remedies for Breach
- Injunctive Relief
- Liquidated Damages
- Termination
- Indemnification
- Limitation of Liability

Security Breach Notification
- Definition
- Notification
- Point of Contact
- Notice of Third-Party Legal Process
- Expense Responsibilities

Subcontractors and Flow-Down Provisions
- Prior approval
- All data security provisions must flow down
- Necessary to fulfill subcontractor obligations
- Notification
- Require express consent?

Location of Data/Employee Issues
- Domestic or Overseas Storage
- Requirements Applicable to Overseas Storage and Processing
- EU Safe Harbor
- EU-US Privacy Shield
- Additional Requirements
- US Citizenship or Permanent Residence
- No Citizenship or Permanent Residence Requirement/Prohibition on Access by Individuals on Export Control Lists

Disaster Recovery

During the term of this Agreement, Vendor shall implement and maintain a disaster recovery plan that ensures that all Company Confidential Information in Vendor's possession or control at a given time is capable of being recovered, and that the integrity of all such recovered Company Confidential Information is retained, in the event that Vendor's network, systems or other facilities experience a Security Breach or any significant interruption or impairment of operation or any loss, deletion, corruption or alteration of data ("Disaster Recovery Plan"). Vendor shall, at minimum, conduct annual internal information security audits of its Disaster Recovery Plan and certify the results of each such audit to Company within ten (10) days of completing each such audit.

Service Level Agreement Issues
- Data storage
- Encryption
- Access logging
- Records monthly/on request

Model Insurance Requirements

Establishing Contractual Insurance Provisions:
- General Recommendations for all Maintenance of Insurance Provisions
- Types of Insurance Coverage to Consider Including In Maintenance of Insurance Provisions
- Minimum Insurance Provision Recommended

Contractual Insurance Provisions
- What kind of work is being done?
- Types of potential losses or accidents?
- Worst case scenario?
- Is entity responsible for the risk the same entity in the best position to control the risk?
- Additional insured status?
- Limits?

Contractual Insurance Provisions
- Licensed and approved in states
- Minimum A.M. Best Rating
- Additional Insured status
- Primary and non-contributory
- Notice of cancellation/renewal
- Evidence of Insurance
- Indemnification excess of insurance

Types of Policies to Consider
- Cyber Risk/Privacy Policies
- Errors and Omissions
- Commercial General Liability
- Workers Compensation

Questions?
Selena J. Linde
Aaron Coombs
More informationCyber & Privacy Liability and Technology E&0
Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.
More informationPrivacy and Security Standards
Contents Privacy and Security Standards... 3 Introduction... 3 Course Objectives... 3 Privacy vs. Security... 4 Definition of Personally Identifiable Information... 4 Agent and Broker Handling of Federal
More informationA GUIDE TO CYBER RISKS COVER
A GUIDE TO CYBER RISKS COVER Cyber risk the daily business threat to SMEs Cyber risks and data security breaches are a daily threat to everyday business. Less than 10% of UK companies have cyber insurance
More informationKaiser Permanente Terms and Conditions for the Purchase of Goods and Services
Kaiser Permanente Terms and Conditions for the Purchase of Goods and Services These Kaiser Permanente Terms and Conditions for the Purchase of Goods and Services (the Terms and Conditions ) apply to Purchase
More informationBUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)
BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate) This HIPAA Business Associate Agreement ( Agreement ) is entered into this day of, 20, by and between
More informationGROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT
GROUP HEALTH INCORPORATED SELLING AGENT AGREEMENT This Agreement, made between Group Health Inc., having its principal office at 55 Water Street, New York, NY 10041 ("GHI"), and, having its principal office
More informationCustomer GDPR Data Processing Agreement
Customer GDPR Data Processing Agreement Version May 2018 This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation ( GDPR ) as it comes into effect on May
More informationDATA PROCESSING ADENDUM
W www.exponea.com C +421 948 127 332 sales@exponea.com A Exponea, Twin City B, Mlynské Nivy 12 821 09 Bratislava, SK DATA PROCESSING ADENDUM Exponea s.r.o. registered in the Commercial Register maintained
More informationNZI LIABILITY CYBER. Are you protected?
NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is
More informationAxosoft Software as a Service Agreement
Axosoft Software as a Service Agreement IMPORTANT - PLEASE READ CAREFULLY: BY CREATING AN ACCOUNT OR BY UTILIZING THE AXOSOFT SERVICE YOU AGREE TO BE BOUND BY THESE TERMS AND CONDITIONS. This software
More informationTOKEN PURCHASE AGREEMENT
TOKEN PURCHASE AGREEMENT PLEASE READ THIS TOKEN PURCHASE AGREEMENT DATED 17 JULY 2018 (THE AGREEMENT ) VERY CAREFULLY. THIS AGREEMENT ALSO SETS FORTH THE TERMS AND CONDITIONS. This Agreement contains the
More informationCombined Liability Insurance for Financial Technology Companies Proposal Form
Combined Liability Insurance for Financial Technology Companies Proposal Form Important Notice 1. This is a proposal for a contract of insurance, in which the 'proposer' or 'you/your' means the individual,
More informationCyber Liability: New Exposures
Cyber Liability: New Exposures Presented by: CONRAD INSURANCE 2007, 2010-2011, 2013-2014 Zywave Inc. All rights reserved. New Economy, New Exposures Business shift: Bricks and Mortar to Clicks and Orders
More informationProducer Agreement DDWA Product means an Individual or Group dental benefits product offered by Delta Dental of Washington.
Producer Agreement This agreement, effective the day of is between DELTA DENTAL OF WASHINGTON, referred to as DDWA in this agreement, and, referred to as Producer in this agreement. In consideration of
More informationCYBER AND INFORMATION SECURITY COVERAGE APPLICATION
NOTICE: THIS APPLICATION IS FOR CLAIMS-MADE AND REPORTED COVERAGE, WHICH APPLIES ONLY TO CLAIMS FIRST MADE AND REPORTED IN WRITING DURING THE POLICY PERIOD, OR ANY EXTENDED REPORTING PERIOD. THE LIMIT
More informationTHE MOST FREQUENT CLAIMS BROUGHT AGAINST HOTELS AND HOW TO PREVENT THEM v Anderson Kill P.C. All Rights Reserved.
THE MOST FREQUENT CLAIMS BROUGHT AGAINST HOTELS AND HOW TO PREVENT THEM 1 Allen Wolff Shareholder, Anderson Kill Insurance Lawyer Construction Lawyer Trial Lawyer 2 Disclaimer The views expressed by the
More informationB. Applicability of Agreement This software as a service agreement is valid for the term of the purchase period.
IMPORTANT-READ THIS TRIVANTIS SOFTWARE AS A SERVICE AGREEMENT (THIS "AGREEMENT") CAREFULLY BEFORE CONTINUING REGISTRATION. BY CLICKING THE "I ACCEPT" BUTTON OR OTHERWISE ACCEPTING THIS AGREEMENT THROUGH
More informationCboe Global Markets Subscriber Agreement
Cboe Global Markets Subscriber Agreement Vendor may not modify or waive any term of this Agreement. Any attempt to modify this Agreement, except by Cboe Data Services, LLC ( CDS ) or its affiliates, is
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT
Attachment G HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA) Compliance This HIPAA Business Agreement
More informationPO Terms for Ariba (Effective as of ).DOC
TERMS AND CONDITIONS 1. GENERAL. The vendor/seller (the Company ) identified on the attached purchase order (the PO ) shall provide the purchaser identified on the PO ( Purchaser ) all products and/or
More informationCUSTOMER DATA PROCESSING ADDENDUM
CUSTOMER DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) and applicable Attachments apply when HP acts as a Data Processor and processes Customer Personal Data on behalf of Customer in order
More informationOMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS
OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT Effective Date: September 23, 2013 RECITALS WHEREAS a relationship exists between the Covered Entity and the Business Associate that performs certain functions
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the Master Purchase Agreement, Customer Agreement, Channel Partner Agreement, End User License Agreement or other written agreement
More informationCYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP
CYBER LIABILITY INSURANCE OVERVIEW FOR Prepared by: Evan Taylor NFP Targeted Industries Business Sector Financial Services 10% Non-Profit 11% Retail 10% Other 37% Other 18% Type of Data PII 40% Professional
More informationSPRINT CLOUDCOMPUTE INFRASTRUCTURE SERVICES PRODUCT ANNEX
SPRINT CLOUDCOMPUTE INFRASTRUCTURE SERVICES PRODUCT ANNEX The following terms and conditions, together with the Sprint Standard Terms and Conditions for Communication Services ( Standard Terms and Conditions
More informationInsurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage
Presenting a live 90-minute webinar with interactive Q&A Insurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage THURSDAY, OCTOBER 5, 2017 1pm Eastern 12pm Central
More informationCyber Liability Insurance. Data Security, Privacy and Multimedia Protection
Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such
More informationTOKEN PURCHASE AGREEMENT
TOKEN PURCHASE AGREEMENT PLEASE READ THIS TOKEN PURCHASE AGREEMENT DATED 17 JULY 2018 (THE AGREEMENT ) VERY CAREFULLY. THIS AGREEMENT ALSO SETS FORTH THE TERMS AND CONDITIONS. This Agreement contains the
More informationOrder Management Purchase Order General Terms
Order Management Purchase Order General Terms 1. Definitions and Interpretation 1.1. In these General Terms, the following terms shall have the following meaning: Adjustment Note means the definition given
More informationTrends in Cyber-Insurance Coverage to Meet Insureds Needs
Trends in Cyber-Insurance Coverage to Meet Insureds Needs Linda Wendell Hsu Selman Breitman LLP 33 New Montgomery Street, Sixth Floor San Francisco, CA 94105 (415) 979-0400 lhsu@selmanlaw.com William A.
More informationCOGNIBOX SAAS AGREEMENT FOR CONTRACTORS
COGNIBOX SAAS AGREEMENT FOR CONTRACTORS PLEASE READ THESE TERMS OF SERVICE CAREFULLY. BY CLICKING I AGREE, YOU AGREE TO THESE TERMS. These terms of service constitute an agreement (the Agreement ) by and
More informationTERMS AND CONDITIONS
TERMS AND CONDITIONS These terms and conditions apply to the order set forth above (the ORDER ) between SUPPLIER and BUYER (individually PARTY; collectively PARTIES ) relating to the goods/services (individually
More informationSouth Carolina General Assembly 122nd Session,
South Carolina General Assembly 122nd Session, 2017-2018 R184, H4655 STATUS INFORMATION General Bill Sponsors: Reps. Sandifer and Spires Document Path: l:\council\bills\nbd\11202cz18.docx Companion/Similar
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) is made between Cognito, LLC., a South Carolina corporation ( Cognito Forms ) and {OrganizationLegalName} ( Customer or Controller or {Organization}
More informationKalo SaaS Terms of Use
of Use These Kalo software as a service (SaaS) terms of use (the Terms ) are effective as of the Effective Date and in conjunction with the Privacy Policy and any other terms and conditions of use which
More informationARE YOU HIP WITH HIPAA?
ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined
More informationTERMS AND CONDITIONS FOR HEALTH INFORMATION EXCHANGE PARTICIPATION AGREEMENT
TERMS AND CONDITIONS FOR HEALTH INFORMATION EXCHANGE PARTICIPATION AGREEMENT June 30, 2016 TABLE OF CONTENTS 1. DEFINITIONS 2. TERMS AND CONDITIONS; POLICIES AND PROCEDURES 3. REGISTRATION APPLICATION
More informationCyber Security Liability:
www.mcgrathinsurance.com Cyber Security Liability: How to protect your business from a cyber security threat or breach. 01001101011000110100011101110010011000010111010001101000001000000100100101101110011100110111
More informationProduct Schedule Software Maintenance Services Schedule Definitions Form of Escrow Agreement (not included)
SOFTWARE LICENSE AGREEMENT This Software License Agreement ( Agreement ) is entered into on, 200_ (the Effective Date ), by and between Pundit Corporation ( Pundit ), a California corporation, located
More informationAWS GDPR DATA PROCESSING ADDENDUM
AWS GDPR DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) is an agreement between Amazon Web Services, Inc. ( AWS, we, us, or our ) and you or the entity you represent ( Customer, you or
More informationACORD 834 (2014/12) - Cyber and Privacy Coverage Section
ACORD 834 (2014/12) - Cyber and Privacy Coverage Section ACORD 834, Cyber and Privacy Coverage Section, is used to apply for cyber and privacy coverage. The form was designed to be used in conjunction
More informationSCHEDULE A TERMS AND CONDITIONS
SCHEDULE A TERMS AND CONDITIONS Section A - General Provisions 1. Definitions. Capitalized terms used and not otherwise defined herein shall have the meanings ascribed to such terms in Section B (Glossary
More informationSECURITY POLICY 1. Security of Services. 2. Subscriber Security Administration. User Clearance User Authorization User Access Limitations
! SECURITY POLICY This Security Policy ( Policy ) applies to all Services provided by Collective Medical Technologies, Inc. ( CMT ) pursuant to a Master Subscription Agreement ( Underlying Agreement )
More informationNew Cumberland Federal Credit Union NCFCU Remote Xpress Deposit Terms and Conditions Agreement
New Cumberland Federal Credit Union NCFCU Remote Xpress Deposit Terms and Conditions Agreement Your enrollment in NCFCU Remote Xpress Deposit Service constitutes your agreement with the Terms and Conditions
More informationLystable SaaS Terms of Use
of Use These Lystable software as a service (SaaS) terms of use (the Terms ) are effective as of the Effective Date and in conjunction with the Privacy Policy and any other terms and conditions of use
More informationReviewing and Drafting IT Agreements
Reviewing and Drafting IT Agreements March 10, 2015 Peter J. Kinsella 303/291-2328 The information provided in this presentation does not necessarily reflect the opinions of Perkins Coie LLP, its clients
More informationSOFTWARE LICENSE AGREEMENT
USE OF SUBMITTAL EXCHANGE ON THIS PROJECT IS GOVERNED BY THE SOFTWARE LICENSE AGREEMENT. IF SUBSCRIBER DOES NOT AGREE TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT USE THE SERVICE. BY USING
More information06/22/2017. acceptance by Provider. The terms of this Order also apply to any Corrective Action required by Company pursuant to Section 3 hereof.
06/22/2017 1. Terms of Order This purchase order is an offer by the company identified on the face of this purchase order ("Company") for the procurement of the services specified (the "Services") from
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the End User License and Services Agreement (the Agreement ) between Customer and Ivanti, to reflect the parties agreement about
More informationJAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group
SPECIAL GUEST JAMES GRAY Underwriter, London UK Specialty Treaty Beazley Group All 6 Beazley Lloyd's Syndicates are rated A (Excellent) by A.M. Best Admitted Carrier in the US Beazley Ins Co rated A (Excellent)
More information1 Lek Securities Corporation One Liberty Plaza 52 nd Floor New York, NY R e v i s e d 8 / 1 0 /
LEK SECURITIES CORPORATION TERMS AND CONDITIONS OF COMPUTER TRADING AND ROX USE These TERMS AND CONDITIONS OF COMPUTER TRADING AND ROX USE ( Terms and Conditions ) shall govern and control Customer s transmission
More information