WGA InsureBlog

Massachusetts has some of the nation’s most extensive requirements for the protection of personally identifiable information (PII), and on March 1, 2012, an additional provision will become effective. By that date, all companies subject to the Massachusetts Data Security Regulations must make sure that all of their service providers who have access to PII of Massachusetts residents are contractually obligated to comply with the Regulations by implementing appropriate security practices and procedures.

Many companies have been surprised to learn that they are even subject to Massachusetts’ Data Security Regulations. No matter where they are located, entities must comply with the Regulations if, in connection with employment or the provision of goods or services, they receive, process, store, maintain or otherwise have access to PII of Massachusetts. Read more…

Most companies that sell technology-based products or services purchase Errors and Omissions (E&O) Insurance to indemnify them from liability caused by the failure of their products or services. When the vendor’s products or services require access to the clients’ confidential information – and especially personally identifiable information (PII) or protected health information (PHI) – the nature and extent of the vendor’s obligations can get more complicated.

The combination of traditional E&O exposures with rapidly evolving privacy/data security exposures has created new insurance coverage and claims-handling uncertainties. As a result, technology companies that handle, store or transmit their clients’ or customers’ sensitive data are increasingly getting squeezed when they buy E&O insurance policies. Read more…