There has been a lot of discussion recently about new federal privacy laws and how businesses must make sure their customer data is secure. It may not be something you often think about, but it is very easy for that data to be compromised.
Here are some common occurrences:
These things can and do happen. They are a technological and public-relations nightmare for the businesses involved. They will also likely turn into lawsuits against the firms for mishandling customer information. Without financial protection against these types of events, a business could go bankrupt. These situations raise insurance concerns that were virtually unheard of 10 years ago.
How can you be protected?
The use of sophisticated computer networks for storing data has caused the insurance industry to develop products to cover businesses against liability for lost customer information. One product is the electronic data liability policy. Its purpose is to pay for a firm’s defense when customers sue for allegedly failing to safeguard their information, and to pay any resulting settlements or judgments against the firm.
The policy covers the firm’s liability for “loss of electronic data” caused by an “electronic data incident.” That could be an accident, a negligent act, error or omission, or a series of these. Some examples of the types of incidents this policy might cover are:
What Is Covered?
Coverage applies on a ‘claims made’ basis. This means the policy will cover incidents that occurred on or after a specific date stated in the policy and reported to the insurance company during the policy period. For example, assume that a policy has a term of Jan. 1, 2008 to Jan. 1, 2009, and it lists Jan. 1, 2005 as its retroactive date. On Sept. 30, 2008, the firm finds out that hackers broke into its systems in the summer of 2006. It reports the incident to the insurance company that day. The policy would cover this claim because it occurred after the retroactive date. This would not be true if the break-in happened in 2004, before the retroactive date.
To keep the policy’s cost down, it does not cover several types of losses. For example, it doesn’t cover losses caused by theft or unauthorized use of electronic data by past or present employees, temporary workers, or volunteers. The policy will not provide coverage for the acts of the previously mentioned disgruntled employee. It also does not cover losses arising out of a firm’s providing ‘computer products or services.’ These include, among other things, installing or repairing computer equipment and software, storing data for others, providing Internet services, and providing communications services to others. It also does not cover acts such as alleged copyright or trademark infringements.
While the policy covers claims reported during the policy period, it has a special provision to give additional time for reporting. The insurance company will treat claims reported within 30 days after the policy expires as if the policyholder reported them while the policy was in force. For an additional premium, the company may extend the reporting deadline to three years after the policy expires. However, this additional premium can be up to 100% of the original premium.
High-speed computer networks have given today’s business owners opportunities they have never had before. However, these opportunities have come at the cost of higher risks with potentially large consequences. Any firm doing business over the Internet or private networks should discuss electronic data liability coverage with an insurance agent. n
John E. Dowd Jr. is a fourth-generation principal of the Dowd Agencies, a full-service agency, with four offices in Western Mass., providing commercial, personal, and employee benefits; (413) 538-7444
