Information exposures within colleges and universities have many causes and are difficult to control. And even with the best systems, controls, personnel and procedures, no college or university is immune to the risk.
It only takes one small human error, or an office break-in, or a clever hacker to compromise millions of records and create potential havoc within your organization.
Essentially, a data privacy breach is not a question of "if". The only question is "when?"
The negative publicity resulting from a data breach can lead to massive reputational and brand damage.
An effective response is a complicated response. BBR Services will be with you every step of the way, providing effecting data breach protection. Numerous colleges and universities have turned to Beazley to help coordinate their response to data breaches.
Colleges and universities face complex issues when a breach occurs. You maintain personal data on applicants, students, faculty and other employees, donors, trustees, and board members, who often reside in different states with different breach notification laws. Educational institutions with health clinics may also be subject to the breach notification requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). These laws require time-consuming and labor intensive internal investigations, the expertise of specialized outside vendors, and can create a public relations nightmare.
The negative publicity resulting from a data breach can lead to massive reputational and brand damage. In fact, 62% of consumers said breach notification decreased trust and confidence in the organization.
*Source: Pass or fail? Data privacy and cybersecurity in higher education
The publicity and consumer dissatisfaction that surround a cyber breach have spurred a wave of class action complaints against organizations big and small. Relying on a variety of privacy laws, enterprising plaintiffs’ lawyers have filed complaints seeking billions of dollars in damages. The risk of crippling damages, and the sizeable costs of litigation, often push organizations to settle even in the absence of any clear harm to the affected individuals.
State and federal regulators have made one point clear: a significant breach of information will result in monetary penalties, onerous corrective action plans, and on-going audits. Whether through the strict data privacy and security requirements of the Family Educational Rights and Privacy Act (FERPA), or the increasing interest of state attorneys general in enforcing privacy laws, the regulatory landscape for higher education institutions carries an immense amount of risk.
Beazley, a leading insurer of technology and information security risks, has developed Beazley Breach Response (BBR), a solution to privacy breaches and information security exposures tailored to the needs of higher education.
BBR is a complete privacy breach response management and information security insurance solution which includes a range of services designed to help you respond to an actual or suspected cyber breach incident effectively, efficiently, and in compliance with the law.
- Legal services
- Computer forensic services
- Notification services for up to 5 million affected individuals
- Call center services
- Credit monitoring, identity monitoring or other personal fraud or loss prevention solutions
- Public relations and crisis management expenses
- All of the policy’s multiple limits will be available for breach response.
- Business interruption loss from security breach or system failure
- Dependent business interruption loss from security breach or system failure
- Cyber extortion loss
- Data recovery loss
- Data and network liability.
Third party coverage
- Third party information security and privacy coverage with up to $15M
- Full media liability
- Regulatory defense and penalties
- Payment card liability and costs.
- Fraudulent instruction
- Funds transfer
- Telephone fraud.
Criminal reward coverage
Not if, but when. Any college or university handling personal information will, sooner or later, be confronted with the challenge of a data breach. It's not a matter of "if" but "when".