Little Glitch, Big Problems

By Shawn Dougherty, February 3, 2014

The software behind websites can contain millions of lines of code. And you don’t need to look far to see how a small error can lead to a large release of personally identifiable information (PII), protected health information (PHI), or corporate intellectual property (IP).

Consider these examples from the past year:

  • Citi Bike Accounts: In April, a software glitch accidentally exposed credit card and contact information (PII) of more than 1,000 customers of Citi Bike, New York City’s bike-sharing system.
  • Snapchat: In December, hackers posted the user names and phone numbers of 4.6 million Snapchat users by exploiting a known vulnerability in the site’s software. Snapchat allows users to send photos that disappear in 10 seconds or less.
  • Medicaid Cards: Last month, the Department of Health and Human Services in North Carolina mailed the Medicaid cards of more than 48,000 children to the wrong addresses. The cards contained children’s names and dates of birth (PII), as well as Medicaid identification numbers and the names of their primary care doctors (PHI). State officials blamed the errant mailing on a computer programming error.

Even the most experienced programmers can inadvertently create coding errors or bugs when developing software. Many of those errors are found and addressed before the programs are released. But with the massive size and complexity of programs today, it’s become common for developers to release software to the public with minor bugs or discover bugs later that need to be fixed (think of all the updates you receive to fix bugs on your cell phone apps).

A program crashing on your cell phone may not be a big deal. But what happens if a software bug in your company’s computer system ends up revealing customers’ personal information? Insurance can help. A cyber policy providing programming errors and omissions liability coverage may address a company’s damages and legal fees when errant programming causes the release of customers’ private information.

If the fear of a software error is bugging you or you would like to learn about other aspects of cyber-liability insurance, feel free to e-mail me at sdougherty@iso.com. Also, make sure to follow me on Twitter @doughertyshawn.

Stay tuned for the next blog post in our Cyber Monday Series.


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.