Beazley announced Thursday it has launched its flagship breach response product in Canada, which protects the personal data of as many as five million individuals per breach.
“Canada’s Digital Privacy Act, passed in 2015, will soon impose additional obligations on companies to notify individuals when their data has been breached,” notes a statement from the provider of data breach response insurance. “The Canadian regulations will impose more stringent reporting obligations, similar to those already in place in the United States and soon to be implemented in the European Union,” the statement points out.
“We’re excited to launch this offering in Canada, backed by a suite of top response providers,” says Paul Bantick, Beazley’s international focus group leader for technology, media and business services.
Ottawa’s Digital Privacy Act has been in force since last June, but mandatory breach notification requirements have been awaiting the development of related regulations to take effect.
The product, Beazley Breach Response (BBR), “addresses the growing data breach exposures all organizations face, and the potential impact on their business operations, reputation and financial standing,” reports Beazley (Beazley plc is the parent company of specialist insurance businesses with operations in Europe, the U.S., Latin America, Asia, the Middle East and Australia, and manages six Lloyd’s syndicates).
In addition, clients purchasing the BBR coverage receive access to a suite of breach response service partners who provide legal advice, computer forensics, notification and call center services, and credit monitoring for impacted individuals, the company adds.
In early March, Beazley Breach Insights 2016 showed that based on the company’s response to 2,000-plus breaches in the past two years, its specialized breach response services unit addressed 60% more data breaches in 2015 than in 2014. The concentration of incidents to which the unit responded was in the healthcare, financial services and higher education sectors.
Among other things, the company found that unintended disclosure of records (such as a misdirected email) accounted for 24% of all breaches in 2015, down from 32% in 2014, while the proportion of breaches involving third-party vendors more than tripled, rising from 6% of breaches in 2014 to 18% in 2015.
The report offered five tips to help organizations protect their data:
train employees to be aware of the information they need to protect and to avoid falling for phishing attacks and other forms of social engineering;
develop a robust incident response plan;
categorize potential data risks by threat level;
review supplier contracts carefully to ensure customer data is well-protected when it is in the hands of suppliers or vendors; and
encrypt data, particularly mobile devices, laptops and thumb drives, which are most likely to be lost.