Cyber Liability Lessons from Edward Snowden


By: Jonathan Kandel  
Edward Snowden has been the “gift that keeps on giving” for the U.S. Government.  Snowden, a former contractor employee for the NSA (National Security Agency), began leaking highly classified documents related to the NSA’s methods of intelligence gathering.  Most recently, Snowden disclosed that the NSA “spied” on several close allies, including German Chancellor, Angela Merkel.  Like his previous disclosures, Snowden’s newest information has created a public relations nightmare for the U.S. Government.
So what does this have to do with cyber liability?  At this point, most companies are aware of the potential legal risks associated with a data breach.  If you are not, please read our previous posts on the subject: Data Breach Liability – Are You Prepared? Data Breach Rising Liability Concern For Businesses October is Cybersecurity Awareness Month.  To reduce the legal risks, many companies have purchased cyber liability insurance.
Edward Snowden is a good reminder of one of the largest factors affecting a company’s cyber risk – employees.  According to a 2012 global information security survey, incidents of employees losing data rose by 25 percent last year.  Most often, these incidents are the result of well-intentioned, but careless employees.  That said, cases involving employees intentionally disclosing or using data inappropriately are all too common as well.  Fortunately, there are fairly easy ways to reduce both kinds of risk.  First, make security compliance as easy as possible for employees.  For example, automatically encrypt all company data that employees access on their mobile devices.  Second, implement or update your confidentiality agreements.  Two years ago, Georgia expanded the enforceability of confidentiality agreements and other restrictive covenants.  If your company has not updated its agreements in the last year or two, now is a good time to consider revising them.  The beginning of the year is always a good time to have employees sign updated agreements.
The Snowden saga is also a great example of the non-legal risks associated data breaches.  Anyone who has watched the news over the past few months has seen the collateral damage the U.S. Government has incurred from the Snowden leaks.  While the majority of private companies do not risk being exposed for conducting espionage, there is no question that a data breach can create a public relations nightmare for a company.  Data breaches carry risks of reputation damage as well as lost customers and partnerships.
Obviously the risks vary by industry and company.  As such, one size does not fit all.  That said, every company should regularly discuss data security, the potential risks, and the most appropriate precautionary measures.