The FCC Jumps into Cyber-Regulation with Millions in Fines

Posted on November 18, 2014

Recently, the Federal Communications Commission entered into the cyber regulatory field in a big way: proposing to fine two companies $10 million for alleged data security breaches.

The FCC is taking action against two telecommunications companies that provided prepaid phone services to low-income residential customers. According to the agency, the companies “collected names, addresses, Social Security numbers, driver’s licenses, and other proprietary information (PI) belonging to low-income Americans and stored them on unprotected Internet servers that anyone in the world could access with a search engine and basic manipulation.”

The FCC justified imposing such large fines in part because “the companies stored such consumer PI in two publicly accessible folders on the Internet without password protection or encryption. By not employing appropriate or even reasonable security measures, the companies exposed their customers to an unacceptable risk of identity theft and other serious consumer harms.” The FCC gave the companies 30 days to seek a reduction in the fine.

The FCC’s $10 million fine followed a $7.4 million settlement with Verizon in September over its use of customer information for marketing, and a $7.5 million settlement with Sprint back in May over “do not call” violations. These multimillion-dollar fines are coming from a federal regulator not thought of as a data security and privacy watchdog. The Federal Trade Commission has mainly filled that role.


The FCC appears to be a new, aggressive player on the cyber regulatory field that may have the power to move more quickly in issuing fines than the FTC. When faced with a data security situation, the FTC typically issues a complaint setting forth its charges. If the respondent elects to settle the charges, it may sign a consent agreement (without admitting liability), agreeing to the entry of a final order and waiving all right to judicial review.

If contested, the matter is adjudicated, starting with an administrative trial, working its way through the federal courts and ending, potentially, with the U.S. Supreme Court. Fines and penalties may be imposed on a respondent for violations of the FTC Act. The FCC, however, can move much more quickly in connection with companies it regulates and may impose a fine once it determines the company failed to protect the “confidentiality of proprietary information of its customers.”

From a risk standpoint, the recent FCC actions represent yet another exposure for telecommunications companies in connection with data security. A cyber insurance product is designed to protect against this risk and should offer coverage for regulatory claims such as those brought by the FTC, FCC or any other governmental agency, federal, state or local.

For those who already purchase a cyber policy to address this risk, it would be prudent to review the policy wordings to ensure that regulatory claims are defined as broadly as possible to address new entrants in the privacy regulatory arena.

Additionally, cyber coverage purchasers should look to see whether their policy provides full policy limits for regulatory claims. In some cases, insurers hedge their bets by offering reduced sub-limits of liability for regulatory claims. Given the ramped-up efforts by regulators such as the FCC, it is important to make sure adequate limits are in place.


News on Ebola and the Effect on Business Continuity Planning

Posted on November 10, 2014


The reactions to Ebola Virus Disease (EVD) have understandably varied from heightened anxiety to calmly understated aplomb. What has become clear is that fear of Ebola has affected far more people in the United States than the disease ever will.

This state of anxiety is not unexpected given the newness and poor understanding of the lethal, yet hard-to-transmit disease. As this situation progresses, it has prompted many businesses to evaluate their own preparedness for the potential impact Ebola may have on their operations and supply chain.

Organizations today, more than ever, should make the wise investment in developing, implementing, and maintaining a viable Continuity Management Program. When developed correctly, a Continuity Management Program takes an “all hazards” approach to providing a layer of protection for your most important assets: people, information, cash flow, and reputation. To be effective, it relies upon the creation and maintenance of:

  • A business continuity plan
  • A technology/disaster recovery plan
  • A crisis communications plan

Read the full white paper to learn more about three actions recommended by the World Health Organization, as well as a sample continuity program plan and its activation timeline.

China Tackles Pollution with New Environmental Law in 2015

Posted on November 5, 2014


Effective Jan. 1, 2015, a more stringent Environmental Protection Law will be enforced in China to better address the country’s issue of pollution. We expect the volume of issued policies to increase significantly once the new regulations begin to be enforced.

Those enforcements will include more severe punishments. Among the increased penalties, China’s National People’s Congress will publicly name enterprises that break the protection laws in order to rally community support against unlawful operations.

Read the rest of my market update to learn how individuals could face 15 days in prison, who is offering coverage for environmental liability as an extension to their standard General Liability policies, and the options for customers who possess a more substantial risk.


Four Changes for Employers as the Netherlands Enacts New Pension Regulations

Posted on October 29, 2014


Regulations for employers’ pension plans are changing in the Netherlands, and businesses should now begin working with their advisors to adjust to the new rules before the end of 2014. The new changes will need to be incorporated into plan rules by July 1, 2015.

The four specific regulatory changes that are expected to be approved and clarified this fall include:

  • A cap of EUR 100,000 on the maximum pensionable salary (less state pension offset) provided by an occupational pension plan.
  • A reduction in the maximum pension accrual rates to 1.875 percent for average pay plans and to 1.657 percent for final pay plans.
  • Additional reductions to tax-efficient contribution maximums.
  • A new net salary (after-tax) pension vehicle for those who earn more than EUR 100,000.

Given these changes, it is critical for organizations to begin this process as soon as possible.

Read the rest of our market update to review the points above and learn what additional items employers should pay attention to prior to the end of the calendar year.

 


Lockton Provides Resource Guidance on Ebola

Posted on October 22, 2014


Companies across the world are evaluating Ebola-related risk for their businesses and employees. If you have questions, Lockton has resources to help provide you answers. In general, our advice is to exercise an abundance of caution and to look to the Centers for Disease Control and Prevention and the World Health Organization for the latest information.

However, we have also assembled our latest guidance for easy access. Please visit lockton.com/Ebola for information and resources on the following:

  • Potential Concerns for Employees & Their Employees (featuring employee communication samples)
  • Prevention & Preparation
  • Risk Management & Insurance Considerations
  • Insurers Response to Outbreak
  • Examining the Risk of Ebola for Healthcare Workers