Show Menu

Takeaways for Security Providers Cheat Sheet by

Takeaways for Security Providers
security     contracts     takeaways     provider     tip

Introd­uction

After three weeks of testimony and arguments, a federal jury trial recently disposed of subrog­ation claims by National Union Insurance against Tyco and ADT. The claims sought recovery following a $42 million pharma­ceu­tical heist.

The case raises a number of important lessons for security providers. For the full details, read the extended version of this article at www.se­cur­ity­inf­owa­tch.co­m/1­220­8788. It’s a fascin­ating case, especially to those in the electronic security industry.

While Tyco ultimately prevailed, the whole point of an alarm services agreement is to keep you out of court or at least away from the jury. That didn’t work here. The case presents an opport­unity to consider a number of important legal issues for all security providers. Here are a few:

Takeways 1-2

1. Does you contract explicitly cover goods and services you provide after the contract is signed? I ask this first question because Tyco and Eli Lilly entered into a commercial services propos­al/­agr­eement in 2004 for the instal­lation of equipment. Following the initial work under the contract, Tyco may have modified the security system or provided other securi­ty-­related equipment or services at the Eli Lilly facility, including performing at least one security survey.

It certainly is not unusual for a security provider to provide additional equipment or services after signing an agreement with a subscr­iber. I’m just not sure Tyco’s agreement addressed that issue (in my opinion, it should have). Here’s why: National Union’s theory of the case was premised on an alleged data breach into Tyco’s computer network, resulting in the gang obtaining access to Eli Lilly’s confid­ential inform­ation, including the security survey.

The 2004 contract had a fairly compre­hensive risk allocation clause protecting Tyco. Among other things, the clause explicitly required Eli Lilly to waive National Union’s subrog­ation rights. Nevert­heless, the court refused to apply that clause to the data breach or any of the work performed after the contract was signed because, the court reasoned, the breach and subsequent work were beyond the scope of the contract.

The lesson here is to make sure your contract includes a provision that subsequent goods and services are covered by your initial contract.
 

Takeaways 2-4

2. Does your subscriber agreement address data breach and subscriber confid­ential inform­ati­on? Perhaps it should. If the Tyco agreement defined the scope of Tyco’s obligation with respect to Eli Lilly’s confid­ential inform­ation AND included exculp­atory language that limited Tyco’s obliga­tion, the court may have applied the clause to dismiss the case before trial. Does your exculp­atory provisions address data breach? I bet they don’t.

Do you know what law governs confid­ential data you may have? If you use a third-­party monitoring facility, have you indemn­ified the facility if it misuses confid­ential subscriber data? I bet you have. How do you intend to protect yourself on this issue?

3. In today’s digital age, how do security providers best protect against data breach claims? This is a legal issue, an insurance issue and an IT issue. At a minimum, make sure you service agreement deals with data breaches.

Do you have a privacy policy? You should. Does your contract define your obligation with respect to a subscriber confid­ential inform­ation? Do you have cyber liability coverage?

Most commercial insurance policies do not cover data breaches. That means you are on your own if you are involved in one —that means no insurer paying for your lawyers, or for settlement or the judgment.

Are you totally confident your network is adequately protec­ted? There are only two types of companies today — those with data breaches and those that don’t know they have data breaches.

4. Does your contract include a waiver of subrog­ation and does it apply to all claims or just some claims? The biggest surprise to me was that the court refused to apply the waiver of subrog­ation to this subrog­ation claim. Based on the court’s 68-page summary judgment opinion, your subrog­ation waiver should explicitly apply to claims that arise outside the contract. Does yours? I recommend you have a knowle­dgeable industry profes­sional review your contracts.

Is your company using a form of agreement first drafted when Jimmy Carter was presid­ent? Do you even know when the form was first written? The time and expense of updating your contract with a modern version pales in comparison to the cost and expense of defending against a lawsuit. Don’t be penny wise and pound-­foo­lish.

Download the Takeaways for Security Providers Cheat Sheet

1 Page
//media.cheatography.com/storage/thumb/davidpol_takeaways-for-security-providers.750.jpg

PDF (recommended)

Alternative Downloads

Share This Cheat Sheet!

 

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          More Cheat Sheets by Davidpol

          Naming Conventions: ICD-10 Coding Systems Cheat Sheet
          Reducing Psychotropic Polypharmacy Cheat Sheet