citymeetings.nyc

Your guide to NYC's public proceedings.

QUESTION

What is the policy on vendor insurance coverage for victim notification in case of a data breach?

1:49:00

·

75 sec

Video Player is loading.

Current TimeÂ 0:00

DurationÂ 0:00

Loaded: 0%

Stream TypeÂ LIVE

Remaining TimeÂ 0:00

Â

The council member asks about the Office of Technology and Innovation's policy for vendor insurance coverage for victim notification in the event of a data breach.

The Chief Information Security Officer explains that cyber insurance policies typically include provisions for victim notification costs
She states that OTI requires vendors to have cyber insurance as a safety net for both parties
However, she clarifies that she is not an authority on specifics of cyber insurance policies

Jennifer Gutiérrez

1:49:00

And in in the event in the example of victim notification, are those pieces of like the agreement or policy that OTI works through in every specific agreement.

1:49:15

Or contract, excuse me, how, I guess, how how do we know in those instances when their insurance policy when the vendor's insurance policy is gonna be utilized for something that's important as victim modification.

Kelly Moan

1:49:30

So great question.

1:49:31

The cyber insurance landscape has also continued to evolve even speaking more broadly in the private sector realm over the last few years, especially with very well known and high profile attacks that have hit.

1:49:42

Private sector companies.

1:49:44

Mhmm.

1:49:44

Typically, again, just speaking from my experience and background, typically, when a when a private sector entity endeavors to get cyber insurance.

1:49:53

Typically, that policy does include provisions for victim notification and the relevant cost to that.

1:49:59

Okay.

1:50:01

I'm not a 100% authority.

1:50:02

I'm not a cyber insurance lawyer nor a provider, but I do know that large in part.

1:50:08

That is why we have the cyber insurance requirements for our vendors as well so that they have that backstop too.

1:50:15

Thank you.

← Previous Chapter

What steps is the NYPD taking to address deficiencies in its camera surveillance systems?

Next Chapter →

What is the process for reviewing vendors' privacy and security audits before adopting their services in NYC public schools?