Data breach due to incorrect email address
The data that ICT companies receive from their clients can be very confidential. Involved parties often make strict agreements about this. For instance, it may concern business-sensitive data or personal data in the context of AVG/GDPR. The following case shows what happens when something goes wrong:
A well-known fashion house wants to upgrade its Client Relationship Management (CRM) system and link it to other ICT systems and engages an ICT company for this. During the upgrade something goes wrong and an employee mistakenly sends a (source) file containing all data from the CRM system to the wrong email address. Oops. As a result, business-sensitive data from the client will get into the hands of the competitor and there will also be a data breach in accordance with the AVG/GDPR.
The client holds the ICT company liable for the damages it will suffer because of the leak of confidential data and for the supervisor’s costs/penalty for the data breach. Such claims are not covered by many policy conditions for (professional) liability. Only a few conditions offer (adequate) coverage.