Aug 21st 2009
Identity theft is a costly crime for society and for the individual involved. CPAs, who deal with personal information and whose reputation is built on trust, need to take special care to protect their clients' information and also be able to repair the damage if information is somehow compromised.
CPA Mutual Insurance Company of America realized there was a gap in the professional coverage offered to CPAs because their policies didn’t cover the loss of data and the expenses related to discovering, notifying, and repairing the damage. Working with Debix, an industry leader in identity protection, CPA Mutual has created a new professional coverage policy endorsement that covers data breach and identity theft issues as they relate to the accounting profession.
A data breach or identity theft claim is not an inexpensive loss. The potential cost of identity theft can be very large, as can the cost of remediation. While looking into creating the product, Bill Thompson, President and CEO of CPA Mutual, noted, “We realized it could be very expensive and firms needed to know this. If you get into a data breach involving 1,000 employees, the cost of notifying and making available credit reporting agencies to monitor activity on accounts, you are talking about some pretty serious money and expertise.” Of course, the cost of not correcting it is even higher.
Like any new product, it helps to understand the key terminology used in the policy. A “Data Breach Event” includes any circumstances that create an unintentional failure to prevent loss, theft, or unauthorized access to client data that is in your professional custody. This includes loss via electronic media and Internet as well as the accidental introduction of a virus into a client’s or third party’s computer, system, or network. The “Post Breach Expenses” include the reasonable costs to correct the effects of the data breach event. “Data Breach Event Services” are the notification costs and post breach expenses. By creating a policy and plan to deal with a data breach event, CPAs are given peace of mind and assistance to deal with an information loss issue.
Buying the policy doesn’t release a CPA firm from the expectation of practicing professional care. This policy does not cover electrical or mechanical failures, and requires the CPA to maintain virus and firewall software as well as complying with appropriate security standards. What it does do is gives CPAs a place to turn to limit the damage of an unintentional loss.
Whether a laptop, flash drive, or other media is accidentally lost or intentionally stolen, whether a file is sent in an accidentally misdirected e-mail or compromised due to a virus, the damage to the client’s finances and the CPA’s reputation could be significant. This policy endorsement helps to control the situation and limit the damage to all parties involved.
CPA Mutual RRG was the first CPA-owned and directed insurance company operating nationwide. CPA Mutual was established over 23 years ago to satisfy the professional liability needs of a select group of CPA firms. Coverage for Professional Investment activities, Data Breach/ID Theft and Fiduciary liability may also be obtained. We can also provide you with comprehensive Employment Practices Liability coverage which includes, at no cost to you, risk management and HR support.