By Remmie Butchko, CIC
Georgetown Insurance Service, Inc.
Silver Spring, MD
My last post discussed potential issues with General Liability (GL) insurance as it relates to damaging or destroying electronic media, information, or data that is owned by others. Because GL policies intend to cover “Property Damage,” and electronic data is no longer considered to be “Tangible Property,” such damages are typically not covered by a standard GL policy.
Another issue (gap) aside from the previously discussed damaging of another party’s data, is the obligation to protect a 3rd party’s data. Recent policy verbiage now restricts an insurer’s obligation to cover claims (and defense of such claims) regarding “access or disclosure of confidential or personal information, and data-related liability.”
So, what exactly does this mean to the average Business Owner? I will break it down into smaller pieces:
Personal Information (aka “Personally Identifiable Information”) would include failure to protect facts such as:
- Social Security Numbers
- Health Records
- Credit Card Information
- Bank Account Information
- Drivers Licenses/Driving Records
- Employment Files/Records
This can include information about employees (including their children, beneficiaries, and ex-spouses), prospective employees, customers, past customers, and independent contractors.
Confidential Information (typically corporate information vs. personal information) could include failure to protect:
- Trade Secrets
- Customer Lists
- Financial Information
Lastly, the new policy verbiage excludes claims from access or disclosure of “any other type of non-public information.” Nobody could possible predict as to where this verbiage will lead. Is a secret by the water cooler considered “non-public information?” We’ll see as time evolves.
It is clear that the GL policy has no intention of covering claims involving the Failure to Protect Information, and the solution is to procure insurance specifically intended to cover these exposures.
Because the world is rapidly changing with technology, litigation, and legislation, there currently is no standard “off the shelf” Cyber Liability Policy that will address these issues. It is important to choose the policy(s) that is best suits your needs.
These policies vary widely, so it is a conversation worth having with your agent.