LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Records management insurance
From:	Frederic Grevin <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Wed, 17 Sep 2014 18:00:57 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (63 lines)

Kobi, there's a little more to this than may appear to you.

Standard insurance policies today do NOT usually cover "data breaches" so, unless Boston Architectural College has a specific policy as part of its overall insurance system, you are not covered.

I suggest you carefully read your contract with Access before you say "I would think that the service provider would be liable for any leaks since they have physical custody of the records". I suspect the contract states Access is NOT liable. In fact, you may be somewhat horrified to discover that Access is liable for very little of any risk (including, for example, total destruction of your records by fire or flood).

And it doesn't matter whether the records are paper or electronic.

Several years ago, I wrote the Scope of Work for the New York City-wide off-site storage contract, and the insurance requirements included this provision:

"15.4.3. Security and Privacy Insurance with limits of at least $250,000 per occurrence and $1 million aggregate. The City, together with its officials and employees, shall be named an Additional Insured."

"15.4.3.1. NOTE: While Security and Privacy Insurance may have begun as specifically applicable to "cyber exposure", according to insurance industry information, it is today more generally-applicable to the unauthorized release of information, regardless of the medium on which that information is carried (see, for example, http://www.zurichna.com/zna/products/product/securityandprivacy.html). This insurance needs to cover the consequences of the unauthorized release of information."

So, unless (a) Boston Architectural College already has an insurance policy covering this type of exposure, and/or (b) the incremental cost is outrageous (as compared to the estimated value of the records in storage in terms of privacy requirements), you may be better off going with the insurance coverage provided by Access. I have read that the current (2014) cost of data breach notification (and remediation) is about $45.00 per person, so do the math ....

I hope this helps, and if you need more information, please feel free to contact me directly.

Best regards,

Fred

------------------------------------------------------------------------------------

Frederic J. Grevin

Vice-President, Records Management

New York City Economic Development Corporation

www.nycedc.com<http://www.nycedc.com>

[log in to unmask]<mailto:[log in to unmask]>

212-312-3903 (w)

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US