We’ve discussed Terms of Service agreements in the past but a recent article in Smart Money magazine highlights some of the difficulties these and other fine print type agreements impose on the user.  Just a few interesting statistics from the article:

—The number of words in software licenses contracts has increased by 40 percent in the past 7 years.

—Transparency Labs (which is starting a web-based service designed to translate America’s largest corporate contracts into easier to understand text for free) estimates the cost of info not readily seen inside disclosures costs each household in the U.S. at least $2,000 a year.

—In a study related to research  conducted by John Marshall Law School and DePaul University regarding if the fine print is actually read prior to agreeing to it, over 90 percent of participants signed a contract saying they would do push-ups on demand and give other participants electric shocks.

While the article does not touch on fine print used in the professional liability insurance world, it certainly must exist.  In fact, we have some at the bottom of this blog. 

It’s that time of year again when predictions are made for top security threats for the upcoming year.  CNet offers up 5 key threats including malicious Android apps, utility hacking, hacktivism, e-voting security issues and increasing privacy exposures due to over-sharing of personal info via social networks.  As noted by Network World, Gartner also includes hacking as an increasing exposure in its IT predictions for 2012.  Specifically, it suggests hackers will generate new attack methods that along with new software vulnerabilities could generate a 10 percent growth in the financial impact of cybercrimes each year until 2016.  According to ZDNet, the 2012 threat predictions from McAfee also include mention of hacking and mobile phones.  Further, McAfee suggests other devices may be targeted such as GPS tracking and medical devices.  While spam may not have appeared at the top of the prediction lists for the last couple of years, McAfee does mention the possibility of spam increasing in 2012.  To review previous predictions, use the links below.

Security Threat Predictions for 2011

Security Threat Predictions for 2010

There is an interesting exchange on Eric Goldman’s Technology and Marketing Law Blog re corporate policies requiring employees to submit to their mobile phones being wiped in the event the phone is lost or stolen or the employee is suspected of compromising trade secrets.  The intriguing part of the policy is that it applies to personal phones used for company purposes, such as checking company email.  We have discussed the use of corporate and personal devices in the past in relation to what a company can control; however, this discussion raises more questions about what companies are allowed to do or even should do in relation to an employee’s personal phone. 

Click to read more ...

Ponemon Institute has released its Second Annual Cost of Cyber Crime Study (sponsored by ArcSight, an HP Company).   The study surveyed 50 U.S. larger-sized companies, e.g. companies with more than 700 enterprise seats connected to networks/systems.

Summary results include:

*Median annual cost of cyber crime is nearly $6 million, which is an over 50 percent increase from last year’s study results.

*More than 1 successful cyber attack each week is commonplace.

*Cyber attacks are typically generated by malicious code, denial of service, device theft and web-based attacks.

Click to read more ...

Companies doing business in California have until January 1, 2012 to begin complying with an enhanced data breach law that was signed by the Governor of California on August 31, 2011.  Of course California already has a data breach notification law—this new law just expands it.  The new law creates requirements for content in breach notification letters such as including a description of the incident, detailing the types of personal information exposed and offering contact info for credit reporting agencies in California.   In addition, companies are now also required to send the notification letter to the state attorney general’s office if the breach impacts 500 or more individuals in California.  Check out the Security section of our blog for more security-related news.

While security breaches at large companies, such as the recent incident at Sony, may grab more headlines, it appears the security risk facing small and mid-sized businesses should not be overlooked.  Symantec has released numbers concerning the number of targeted attacks (e.g. one malicious email targeted to one individual) experienced by businesses small and large.  Their results, from Symantec.cloud, indicate that from the start of 2010 to late July of this year, 40 percent of targeted attacks have been sent to businesses with less than 500 employees while less than 30 percent of the targeted attacks have been to companies with more than 5,000 employees.  Symantec also provides numbers by industry that suggest small and mid-sized businesses operating in the following sectors are at higher risk:  Mineral and Fuel, Non-Profit, Engineering, Marketing and Recreation.  Further, in a recent study commissioned by McAfee which surveyed 100 IT professionals at businesses with 500 or more employees, 26 percent of respondents reported targeted attacks to their data centers in the cloud as a serious concern.

Click to read more ...

The original intent of the statutory damage could be described as a way for a plaintiff to have some level of recovery after being wronged in situations where it is difficult to provide evidence of the amount of the injury.  Now, the extent of the current statutory damage’s reach appears to be broader than that, turning what was once perhaps designed as mere compensation to more of a penalty in amounts that can be difficult to qualify or manage for the defendant.  Jones Day offers a summary of the popular types of statutory damages and their effects in today’s litigation. In their article, they suggest “statutory damages now have a life of their own.” 

Are the threats of statutory damages insurable?  For the professional liability insurance world, it varies by the type of the statute and the services the policy is designed to cover.   Generally, look first at the definition of damages.  If you find an exclusion for punitive, exemplary or multiplied damages, then it raises some doubt about the coverage for statutory damages.  In addition, check for exclusions relating to the statutory damage statutes such as exclusions for violations of consumer protection laws.