In June, The Identity Theft Resource Center (ITRC) reported that more than 25% of data breaches it has tracked year to date are paper breaches. While we frequently discuss the cost of security breaches and the legislation regarding protecting private data, the ITRC raises an important issue: not all breaches involve electronic data. Sometimes, identity theft arises from plain old paper.
The state-enacted legislation does not tend to focus on paper breaches which may limit the exposure to regulatory fines and penalties arising from paper breaches; however, new privacy/security professional liability coverage provisions may also not focus on paper breaches, limiting the amount of coverage available for this type of breach. Specifically, check for policy language limiting theft of data to electronic data or data residing on systems. For more on privacy/security coverage provisions, review the following articles and visit the privacy and security sections of our blog.