Tag Archive for: Hand

Reach Of Ohio Ransomware Ruling Limited To Policy At Hand | Zelle LLP


Law360 Insurance Authority
January 19, 2022

To read this article in PDF form, click here.

We are still in the relatively early stages of jurisprudence addressing the insurability of loss stemming from data breaches.

Compared to the more developed body of case law interpreting coverage provisions and exclusions contained in more traditional property insurance policies, case law exploring coverage issues under so-called silent cyber or stand-alone cyber policies is sparse.

As such, when any new decision does come down in this arena, it sparks commentary.

This was true for the recent Ohio appellate court decision in EMOI Services Inc. v. Owners Insurance Co.,[1] in which the Ohio Court of Appeals’ Second Appellate District reversed the common pleas court’s summary judgment ruling in favor of the insurer and allowed the insured’s silent cyber claim to proceed.

The majority’s decision in EMOI has come under fire by the insurance bar for being results- oriented and ignoring precedent. Conversely, policyholder attorneys have lauded the decision, going so far as to claim that EMOI stands for the proposition that a policy insuring physical loss or damage does not require physical alteration of property.

But are these criticisms and characterizations fair? And what lessons can we take from this rare and candid discussion by a court grappling with the bounds of insurance coverage for data loss?

EMOI’s holding was dependent on very specific policy language.

In EMOI, a medical billing company sustained a ransomware attack, paid the ransom, decrypted most of its data and then sued its property insurer for claimed business interruption losses and alleged damage to computer software.

Careful review of the appellate court’s decision in EMOI indicates that its holding was entirely dependent on the unique language of the Owners’ electronic equipment endorsement contained in the policy at issue.

That endorsement covered “direct physical loss of or damage to ‘media,'” where media was defined as “materials on which information is recorded such as film, magnetic tape, paper tape, disks, drums, and cards.”

Importantly, the definition section goes on to state that “media” includes “computer…

Source…

China eyes pushing US IPO-bound firms to hand over data control: Sources


HONG KONG: Chinese regulators are considering pressing data-rich companies to hand over management and supervision of their data to third-party firms if they want US stock listings, sources said, as part of Beijing’s unprecedented scrutiny of private sector firms.

The regulators believe bringing in third-party information security firms, ideally state-backed, to manage and monitor IPO hopefuls’ data could effectively limit their ability to transfer Chinese onshore data overseas, one of the people said.

That would help ease Beijing’s growing concerns that a foreign listing might force such Chinese companies to hand over some of their data to foreign entities and undermine national security, added the person.

The plan is one of several proposals under consideration by Chinese regulators as Beijing has tightened its grip on the country’s internet platforms in recent months, including looking to sharpen scrutiny of overseas listings.

The crackdown, which has smashed stocks and badly dented investor sentiment, has particularly targeted unfair competition and internet companies’ handling of an enormous cache of consumer data, after years of a more laissez-faire approach.

A final decision on the IPO-bound companies’ data handover plan is yet to be made, said the sources, who declined to be identified due to the sensitivity of the matter.

The regulatory officials have discussed the plan with capital market participants, said one of the sources, as part of moves to strengthen supervision of all Chinese firms listed offshore.

IPO advisers are hopeful a formal framework on the data handover issue could be delivered in September, said the source.

The China Securities Regulatory Commission (CSRC) and the Cyberspace Administration of China (CAC) did not respond to faxed requests for comment.

Chinese regulators have recently put companies’ overseas listing plans, particularly in the United States, on hold pending new rules on data security.

Last month, the CAC proposed draft rules calling for companies with over 1 million users to undergo security reviews before listing overseas.

The US Securities and Exchange Commission, which oversees US-listings, did not immediately respond to a request for…

Source…

Judge rules Capital One must hand over Mandiant’s forensic data breach report – CyberScoop

Judge rules Capital One must hand over Mandiant’s forensic data breach report  CyberScoop
“data breach” – read more

This McDonald’s hack for holding your whole meal with one hand is a game changer

But did you know there’s a simple hack to make a McDonald’s on foot even easier to handle? Download the Microsoft News app for your Android or iPhone device and get news & live updates on the go. Bala…
mac hacker – read more