Unpacking the Data Suitcase

It is common these days to hear people talking about “information overload.” The staggering speed at which digital information is being generated has sparked creativity and innovation among IT professionals, as they struggle to craft solutions that effectively manage their digital data. Consequently, new technologies have emerged in the marketplace at an astonishing rate, offering business tools to store, sort and access information. The Knowledge Era has led to the need for effective tools to manage incoming information. It has also changed the ways in which we share and communicate with one another. Cloud computing, mobile applications and social networking have all surfaced in response to this information age. Along with these new technologies come new risk and liability concerns for IT professionals.

Data storage capacity is just one of these concerns. According to IDC, in 2007, the amount of digital information created surpassed the storage available. SaaS (Software as a Service) and “cloud computing” platforms have evolved from this need for additional capacity. Cloud computing is Internet-based computing, in which software, resources and information are available on the Web and on demand. These services solve storage issues for many enterprises and increase access to information. Other benefits include reductions in hardware, software and infrastructure expenditures. However, these services are vendor-managed; companies must be aware of the risk and evaluate their comfort with allowing third parties to control their sensitive and confidential information. The lack of implementation of internal software, an important feature of cloud computing, does reduce the risk associated with defect breaches in the installation of infrastructure and software. Nevertheless, cloud computing increases data breach concerns, in addition to the possibility that private information will be compromised.

Reflecting the increasing pace of incoming information, an expectation now exists that data should be available anytime and anywhere. Smart phones have contributed to this effect. And application development for mobile devices is a growing industry, one that is expected to more than double in the next couple of years. One of the fastest growing areas is m-commerce: the ability to make transactions over a mobile device. Current uses of this technology include buying goods, purchasing tickets, mobile banking and investing, loyalty program participation and coupons — all from the convenience of a mobile device. In the future, e-wallets are likely to replace traditional wallets, enabling access to all needed information via a mobile phone.

As with traditional forms of information and transactional services, the issue of security, privacy and integrity of information and transactions being exchanged between two points remains a key concern. Although undoubtedly a convenient way to access and share information, the open platform functionality creates higher exposure to unknown or untrustworthy applications that may cause damage to the end user, the device or the network. Wireless signals are more easily intercepted. This, combined with the limited memory and computer power of most mobile devices, creates more vulnerability to data theft. The mobility of confidential information creates a significant responsibility for a company to properly secure data.

With the emergence of Web 2.0, communication has become more immediate, interactive and uncontrollable. Texting, emailing, social networks and mobile markets have exploded in popularity. Facebook, which boasted more than 20-million users in April 2007, now claims to have 400-million subscribers. Twitter reports that more than 55-million “tweets” are sent every day. Companies are starting to leverage these new marketing opportunities by replacing traditional advertising with links to social network groups and industry blogs, or maintaining interactive Web sites. As they do so, they must remain aware the content they disseminate, even if posted to their Web sites by others, exposes them to the risk of personal injury (libel, slander) and intellectual property infringement claims.

Governments recognize the need to protect consumers in the event of security and privacy breaches. In the United States, 46 states have enacted laws making notification mandatory for a breach of security. Canada is following suit. Recovery of compromised records typically ranges between $100 and $300 per record. But the greater risk to the company is often the loss of productivity or loss of clients.

These are a few of the challenges companies manage on a daily basis. Despite policies and practices designed to reduce, control and monitor risk, an essential part of their strategy must address minimizing the financial impact of increased exposure. Every technological solution presents different potential exposures to loss; often the standard professional liability coverage is not enough. This has led to the development of new insurance products that address some critical coverage missing from the average policy traditionally available in the marketplace. These new policies, often termed “cyber-liability policies,” address first-and third-party risk associated with e-business, Internet, network and information assets. Some examples of new coverage include:

Network Security

For liability arising out of security breaches.

Privacy Breach

For liability arising out of the inherent risks of collecting and storing protected personal information of individuals due to breach of a business’s computer system.

Privacy Breach Expense

Coverage for the insured company (first-party coverage) when personal protected information has been released due to a security breach. It can also include coverage for notification, crisis management, regulatory and credit monitoring expense.

Information Assets

Coverage for expenses incurred in recollecting or restoring information in the event of a security breach.

Business Interruption

Coverage for loss of income and/or extra expense arising from a Web site outage.

Electronic Media/Internet Media

Coverage for liability for personal injury and intellectual errors stemming from content disseminated by a company and information disseminated by others on the insured company’s Web site.

Intellectual Property

Coverage for certain intellectual property infringement including misappropriation of copyright, domain name, trademark, trade name, trade dress, trade secret, service mark, service name, title or slogan. It may also include piracy, certain plagiarism or misappropriation of ideas by a third party.

———

Cloud computing, mobile applications and social networking have emerged, creating new concerns for IT professionals. One is data storage capacity.