This article is written by Riya Rathod, pursuing a Diploma in Intellectual Property, Media and Entertainment Laws from LawSikho.
Table of Contents
Introduction
According to the report of IRDA (Insurance Regulatory and Development Authority) Committee, the number of internet users in India is approximately 700 million. These users are estimated to rise in both rural and urban areas. Amid the covid pandemic there was an increase in the incidents of cyber-attacks. Due to all these factors it is very important for companies to ensure the safety of their confidential information and trade secrets. This is possible only through the way of cyber insurance policy. This article examines what confidential information is and how it protects confidential information in a contract.
What is confidential information?
Confidential information refers to all non-public material information related to business that may be written or oral, disclosed by one party to another and is capable of legal protection.
According to the Code of Federal Regulations (United States)
Confidential information is information which concerns or relates to the trade secrets, processes, operations, style of works, or apparatus, or to the production, sales, shipments, purchases, transfers, identification of customers, inventories, or amount or source of any income, profits, losses, or expenditures of any person, firm, partnership, corporation, or other organization, or other information of commercial value, the disclosure of which is likely to have the effect of either impairing the Commission‘s ability to obtain such information as is necessary to perform its statutory functions, or causing substantial harm to the competitive position of the person, firm, partnership, corporation, or other organization from which the information was obtained, unless the Commission is required by law to disclose such information.
The term confidential information has not been defined explicitly in any legislation in India. It cannot have a specific definition or confined in one box as it can mean many things depending on the factors involved. In today’s world of cut throat competition amongst business entities, “confidentiality agreement” have become an absolute necessity. The whole purpose of confidentiality agreements is to protect confidential information.
The confidential information can either be personal information or competitive-advantage information. The former refers to personal information of the employee relating to his name, address, phone numbers, blood group or fingerprints. Though such information seems not so important and common but they are very private information and must be protected confidentially. The latter one refers to trade secrets or prospective product plans which are shared to the party. The confidentiality agreements are largely created to protect the competitive-advantage agreements as these are more sensitive and require higher confidentiality.
How to determine confidential information in a contract?
Not all information is capable of being classified as confidential. The information must not be available publicly and it must be derived out of intellectual creation of the owner or something which is privileged enough to be able to qualify as confidential.
The following are the essential checklist to determine a confidential information:
- The information must generate profit in the business or it can be said that it must have some commercial value.
- The information must not be present in the public domain if it’s already present then there is no point in protecting it.
- The most important element is that the information must be capable of legal protected lest the agreement will not stand.
- The information must be kept confidential. The sending party needs to send the information in private in the first place if it wants the information to remain private.
What is cyber insurance?
Amidst the Covid-19 pandemic as the world went virtual there is seen a rise in the cases of cyber attacks and data violations. To prevent this many are investing into cyber insurance policy which covers the financial cost of cyber loss and also helps to minimize complete disruption of business from such incidents.
In legal terms, cyber insurance refers to a policy between an individual and company to protect against financial losses that are related to computer system or network based incidents. The features of an individual cyber policy are thefts of funds, identity theft cover, social media cover, cyber stalking, malware cover, phishing cover, data breach and privacy beach cover etc.
Cyber insurance policy can be availed by any person who is not a minor to ensure protection against potential threats on the internet. The policy covers the financial cost of the individual along with the prosecution or defence cost that may incur. Some policies also provide mental counselling sessions to the person who have been a victim of cyber attack to help them get out of the trauma of such incidents.
Before delving deeper into how cyber insurance protects confidential information in a contract, let us first understand what is a cyber attack.
Cyber Attack
As per Insurance Regulatory and Development Authority of India(IRDAI) cyber attack is fraudulent, malicious or dishonest:
i) causing or use of a security breach.
ii) disruption or overload of the Insured’s system by a third party for any purpose.
In other words, cyber attack is any unauthorized access to a computer or computer network with the intention of causing damage. The motive of attack is to steal, delete, disrupt, manipulate the data stored in the computer system. The cyber criminals use different ways to gain access and exploit a computer system. Let us know see what are the most common kinds of cyber attacks which cyber criminals commit:
Kinds of cyber attack
- Phishing: This is the most common type of cyber attack where the attacker tries to incite the victim by sending them an email that looks like it is from a trusted entity and then lures them into sharing their password, credit or debit card details, aadhar card, pan card etc. The phishing attacks are on the rise because of the fact that it is easy to carry out.
- Malware: Malware is a term which applies to malicious software that invades into the computer system in order to get access to credentials or important files, disrupt the system or extort the victim. It enters the system when the user clicks on an unsafe link or email attachment. Ransomware is the most infamous form of malware which encrypts a person’s file and asks them to pay ransom in order to get back the access to the data.
- SIM Swap: In these attacks the original SIM of a user is cloned which then becomes invalid. After that the duplicate SIM is used to access one’s online bank account to transfer funds.
- Man-in-the-middle attacks: When the attacker inserts themselves into a two-party conversation in order to filter and steal the data. These kinds of attacks are likely to happen on unsecure public wifi.
How does cyber insurance protect confidential information in a contract?
Cyber insurance are products designed to protect businesses from possible effects of cyber-attacks. It helps in mitigating risk exposure after a breach has happened by providing financial cover. The cyber insurance policy protects from various emerging cyber risks which an internet user has to face. One of the major challenges with the business entities nowadays is the protection of confidential information in a contract.
The confidential information is information which requires protection owing to their sensitive nature. They play an important role in the company affairs and are not generally available to the public. Cyber insurance policy helps in protecting the confidential information by addressing various liabilities arising from a claim. The insurance provides damages to the insured. It also provides investigation and defence costs. They also impose regulatory fines and penalties on the party who has breached such private information.
Confidential information is part of all the major agreements in today’s world. To protect such information the cyber insurance has become the need of the hour which not only acts as the shield but also provides for loss in circumstances of cyber threats. The cyber insurance policy has come to the rescue of many organizations by covering all the issues which they had to face in the course of their business. They provide litigation costs which usually is the most time-consuming and tedious process of all other expenses. The insurer also provides counselling sessions in cases where the individual had to go through a lot of stress and trauma after the cyber attack has occured.
Conclusion
It is very unfortunate that cyber attacks and data branches are becoming very common these days. It has resulted in heavy fines and legal fees in the process of recovering the information and protecting the insurer. To the rescue of all, insurance companies have developed a product called cyber insurance policy that not just protects all the confidential information but has also made the process of recovering damages quite convenient. Cyber insurance covers the business liability for a data breach involving sensitive customer information, future product information etc.
Cyber insurance is the means to cover the gap between traditional coverage and current needs. Traditional insurance policies do not cover confidential information in digital contracts. It could lead to exposing the organization’s digital asset and cause them to lose their data. Cyber insurance is the need of the current digital world as the digital space is prone to more risk. However there is a need of awareness among the people so that they understand the importance of cyber insurance cover and protect their crucial data from being breached.
References
- Cisco. (n.d.). What Are the Most Common Cyber Attacks? https://www.cisco.com/c/en_in/products/security/common-cyberattacks.html
- Javaid A. (2021, January 29). What is Cyber Security Insurance Policy? Jagran Josh https://www.jagranjosh.com/general-knowledge/cyber-insurance-policy-1611919924-1
- Javaid A. (2021, January 29). What is Cyber Security Insurance Policy? Jagran Josh https://www.jagranjosh.com/general-knowledge/cyber-insurance-policy-1611919924-1
- Gardener, E. (2017, November 16). What is confidential information https://www.everynda.com/blog/what-is-confidential-information/
- Cornell Law School. (n.d.). 19 CFR § 201.6 – Confidential business information https://www.law.cornell.edu/cfr/text/19/201.6
- Javaid A. (2021, January 29). What is Cyber Security Insurance Policy? Jagran Josh https://www.jagranjosh.com/general-knowledge/cyber-insurance-policy-1611919924-1
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: