Telcom Insurance Group

Telcom Insurance Group
Underwriting Coverage & Analysis Session Presented by: Peter J. Elliott, CPCU, President & CEO Telcom Insurance Group Owned by Those we Serve

Topics Covered Social Media Defined Exposure and Coverage
Director and Officer Review Theft of Services Contractual Pitfalls

Social Media Defined Social Media Use…What Are Some of the Applications? Blogs Facebook Twitter YouTube and Embedded Video LinkedIn Flickr (photo sharing)

Social Media Facts Amazing Facts
Facebook claims to have more than 600m users as of January The US population, according to the last census data is 311m. According to WhiteboardAdvisors.com there were 152m blogs on the Internet at the end of 2010. England’s Queen Elizabeth II, added a Facebook account in 2010 to compliment her Twitter, YouTube, Flickr and Website.

Social Media Benefits Amazing Media Benefit
The exponential growth of social media offers organizations the chance to join a conversation with millions of customers around the globe every day. Taken from Harvard Business Review - “The New Conversation: Taking Social Media from Talk to Action” Marketing should be moving from talk at our customers to talking to them in conversation, electronic, format where instant feedback is welcomed. The feedback allows for instant feedback on products, services, and brands that in the past were slow to develop.

Social Media Business Strategy
Common Strategies for Business Social Media Use: Twitter - to get news in front of reporters and news outlets LinkedIn - place where salespeople post scholarly articles and share to enhance their image Facebook - focuses in on the companies social responsibility effort Blogs - interactive exchanges with customers

Social Media Business Strategy
Common Strategies for Business Use Facebook - branded pages of products Blogs - companies provide their products to users with heavy followings in hopes of getting a favorable review and promotion “Identification” with a product leads to loyalty.

Social Media Use by NTCA Members
Social Media Use…What Are NTCA Members Using? Data from NTCA 2010 Social Media Survey Blogs % Facebook % Twitter % YouTube and Embedded Video - 20% and 31.2% LinkedIn - 4.6% Flickr - 3.1%

Social Media Exposure Exposures associated with social media use can be broadly categorized as: Privacy Security Intellectual Property Employment Practices Legal Risk Risk can be: Reputational Legal Operational

Social Media Reputational Risk
The speed of sharing is the concern. For example: In 2009, two employees of a national pizza chain made a prank video where they tainted a sandwich, that appeared to be for delivery to a customer, and they posted it on YouTube. It drew a million viewers. That buzz or “trending”, also known as going viral, caused it to appear on Twitter. The negative publicity hit the chain hard. The company launched their own Twitter account to counter the negative buzz. When searched, the first hit however, was still the prank video.

Social Media Reputational Risk
Reputational Claims Examples: A company employee could attend an industry conference, snap a picture of a competitor behaving badly at a cocktail party and then post that picture to Facebook. If the competitor sees it, they could sue the company the employee works at for reputational harm. This could be a third-party employment practices claim for harassment.

Social Media Legal Risk
Statistically speaking… LinkedIn and Facebook - human resource departments make use of online information on potential hires or employees in line for a promotion. The Allentown Morning Call Newspaper reports from a study that 70% of recruiters and hiring managers in the US have rejected an applicant based upon online findings. The same report states 1 in 5 employers have disciplined or fired an employee for social media misdeeds. Failure to secure consent could lead to legal violation of the Fair Credit Reporting Act. Some states prohibit credit use in hiring-IL, OR, HI, and WA

Legal Claims Examples: A company who monitors use of their employees computers reprimands an employee for unprofessional communication that was not on the company server and the content was not public. The employee alleges harassment and that the employer violated the Electronic Communications Privacy Act. This is a first-party employment practices liability claim.

Examples: If a potential employee is offered a job with a company, and posts on his Facebook page that the company pays well but is boring, a human resources representative at the company sees the posts, and withdraws the offer, the potential employee could sue for wrongful failure to hire.

Legal Claims Examples: An employee using a company computer on a social media site accidentally downloads malware. Company data is breached. Customers information is in unauthorized hands and legal action follows. The claim is the company did not have proper safe guards for preventing malware. A claim could be presented against a network security and data liability policy of coverage if it was purchased for the failure to live up to legal standards.

Company Staff Responsibility and Risk The NTCA 2010 Social Media Survey, commonly reports that marketing staff of the telecommunications companies handle posts on Facebook, Blogs, and Twitter. Posting or re-posting information of others can lead to allegations of a breach of intellectual property. Familiarity with the Digital Millenium Copyright Act and the safe harbors that allow hosting of material of others on website is also critical. Claims from an IP breach may be covered under the minimal coverage for AI in the CGL or may fall into a stand-alone, rarely purchased, IP policy.

Social Media Operational Risk
Claim Possibilities Accessing social media sites from a company computer opens a business and their network to malware, virus, and spyware. Facebook and Twitter are known for having issues with these electronic challenges. With larger companies that transact a good amount of e-commerce a risk of a spoof site exists. Failure to act upon discovery could mean negligence, breach of a contract or a violation of a regulation.

Claims Examples: Other scenarios that would be covered include workplace bullying via a social media site. If an employee posts harsh words about a new hire on a Facebook, other employees "like" the post, and add additional negative comments, then the new employee could sue the company for fostering a hostile work environment.

Claims Examples; When exempt employees communicate after hours with non-exempt employees through a social networking site, they chat on Facebook, the employer could be open to wage and hour violation allegations if work is in any part the topic of the posts.

Insurance Coverage - Liability Social Media
Could someone… Liable another? Harass someone? Discriminate? If so, what coverages might apply? CGL: AI/PI/Breach EPLI NSDL

Insurance Coverage - Liability
Commercial General Liability Bodily Injury Broad and Narrow Definition (Coverage A) Property Damage (Coverage B) The insurance company has the right to defend any suit against the insured seeking damages on account of such bodily injury or property damage, even if any of the allegations of suit are groundless, false or fraudulent, and to make such investigation and settlement of any claim or suit as it deems expedient.

Insurance Coverage Does PD Offer Protection For 3rd Party Breach Exposure? Commercial General Liability, which covers BI/PD, does not offer much protection and suffers from the following flaws- PD is limited to coverage from loss to tangible property, subcontractors are not automatically part of the named insured definition on most policies, and there is no claims trigger for financial loss only that is not part a result of a covered allegation.

Commercial General Liability Personal Injury (Coverage C) This insurance coverage protects against false arrest, detention or imprisonment, or malicious prosecution; libel, slander, defamation, or violation of right of privacy; and wrongful entry, eviction, or other invasion of right of private occupancy.

Does PI Offer Protection Against Social Media Concerns?
Insurance Coverage Does PI Offer Protection Against Social Media Concerns? Commercial General Liability, which covers PI, offers limited protection and suffers from the following flaws- the PI section of policies does not cover damages due to failure to protect data, the coverage territory might be limited to the US only, subcontractors are not automatically part of the named insured definition on most policies, and there is no claims trigger for financial loss only that is not part a result of a covered allegation.

Commercial General Liability Advertising Injury (Coverage D) "Advertising Injury" means injury rising out of an offense committed in the course of your advertising activities, if such injury rises out of libel, slander, defamation, violation of right of privacy, piracy, unfair competition or infringement of copyright, title or slogan. Limited protection is provided, but there is a distinct difference in coverage here and for true intellectual property allegations.

Insurance Coverage - EPLI
Employment Practices Liability Employment Practices Liability is an exposure to legal liability caused by an employee, past employee or potential employee claiming their rights have been violated. It is not Employee Benefits Liability

EPLI covers four types of claims Wrongful termination Sexual harassment Discrimination Workplace torts What is first and third party exposure?

Key Terms and Concepts Definition of Employee First and Third Party Exposure Hammer Clauses Individual v. Aggregate Limits

One insurer is introducing a Social Media endorsement on the EPLI form The endorsement defines social media and workplace bullying, expands the definition of a wrongful act to include workplace bullying and offers new social media coverage under third-party liability. The key element of the endorsement is the expansion of the third-party liability coverage. How do our policies with GAIC and Hartford respond?

Social Media Use…Our EPLI Carriers Respond Hartford - While we don't have a Social Media endorsement to the EPL, our policy, as is, would already respond to the failure to hire and hostile work environment scenarios described.

Social Media Use…Our EPLI Carriers Respond Great American #1 They're not giving much new coverage other than a new $100K sublimit for defamation, libel, and, invasion of privacy from a third party from use of social media which would typically fall under a CGL policy. The remainder of the claim scenarios they outline would typically fall under one of our existing EPL named perils. As respects to workplace bullying, if it is a non-physical bodily injury issue, then it would typically fall under the existing workplace harassment named peril on the policy. Only the defamation examples would appear to be true expansions of coverage.

Social Media Use…Our EPLI Carriers Respond Great American #2 We have yet to see the actual wording on the endorsement, so it's hard to exactly compare our coverage to theirs. Given the examples below, I would think the third party defamation, libel, and invasion of privacy from use of social media would typically fall under a GL policy. The remainder of the claims scenarios sound like they would typically fall under one of our existing EPL named perils (a copy of the wording used in our EPL form is attached, but it's very similar in all of our forms). Therefore, would not be subject to a sublimit. I hope that helps, should you have any questions please let me know. See attachment in the additional recourses section.

Insurance Coverage - NSDL
What is the Network Security Risks Data that could be Breached Credit Card Information on Customers Social Security Numbers - Employees or Customers Bank Routing Numbers - Employees and Customers Drivers License Data - Employees Credit Reports- Employees or Customers Background Checks - Employees

1st Party - An entity has an insurable interest in property and, in the event of damage, will have direct loss of value and potentially indirect financial loss of use or lost income. Examples of 1st Party Property with Data/Network Exposure Computers and Peripheral Devices Networks Data/Records/Paper

What Coverage Is Available For 1st Party Exposure? Computers (Hardware and Software) and Peripheral Devices- Most insurers offer coverage via their property form or a specialized computer form. Coverage will be for owned, leased or, rented equipment. The covered causes of loss are the typical broad coverage, but most specialty forms add electronic disturbances, accidental breakage, dust damage, temperature change, malicious code or intrusion, and electronic vandalism, which means damage from a hacker. In the event of a loss, coverage normally pays on a replacement cost basis. Most forms address data or media separately, as this is more intangible property.

What Coverage Is Available For 1st Party Exposure? Networks Servers, Phone Systems, and Copying Machines Most insurers offer coverage via their property form or a specialized computer form. Coverage will be for owned, leased or rented equipment. Pay careful attention to where these are covered because a few forms will not provide the broadened coverage on these items. The covered causes of loss are the typical broad coverage, but most specialty forms add electronic disturbances, accidental breakage, malicious code or intrusion, and electronic vandalism, which means damage from a hacker. In the event of a loss, coverage normally pays on a replacement cost basis.

What Coverage Is Available For 1st Party Exposure? Direct to Indirect Loss on Computers and Networks When a specialty form is used, is it tied via policy construction back into the indirect loss of use or income protection? Often policy constructions does this. BPP EDP AR BI/EE

Insurance Coverage What Coverage Is Available For 1st Party Exposure?
Data and Media Coverage Software is covered by most forms, but by strict definition, that means the cost of the program will be reimbursed and not the value of the data or the time and labor to populate the program to make it useful. Pay careful attention to how your policy is worded in this area. Even if media is covered, is the time and effort to duplicate the data covered? Remember, policy construction is very important. If you do not have the hacker related peril coverage, do you really have much protection? Finally, does your policy cover data of others and is that important?

What Coverage Is Available For 1st Party Exposure? Data and Media Coverage Offsite Scheduled locations are a normal way to determine if a policy will respond to property losses. If you utilize back-up tapes, where are they stored? If you do not have media/data coverage, don’t be concerned, you are only going to be reimbursed for the value of a blank tape. If you do have the proper coverage, is there off premise coverage, and does it include time and labor to reproduce the data? Keep in mind the coverage perils if you back up to another server offsite without hacker related coverage the grant of protection to unscheduled location does little good.

What Coverage Is Available For 1st Party Exposure? Voluntary Parting Standard policies have an exclusion of coverage if you voluntarily part with property. High-end specialty forms will offer protection for this type of loss and the use of a fake certificate of encrypted signature to gain access to a network. Is it possible to develop best business practices to eliminate or reduce this exposure?

What Coverage Is Available For 1st Party Exposure? Access to Your Network is Blocked/“Denial of Service” If your policy has proper coverage, meaning the damage done would be covered by the hacker related peril and the ensuing loss of income or extra expense to unblock the network would be covered.

What Coverage Is Available For 1st Party Exposure? Cyber Extortion Only high-end policies offer protection against threats made by third parties that, unless they are paid off, they will destroy, damage or corrupt your website, intranet, network, computer system, program or data.

What Coverage Is Available For 1st Party Exposure? Regulatory Proceeding Expense This is not coverage for fines in the event of a breach, but instead it offers protection against the cost of a regulatory or government agency seeking information on an alleged violation of privacy regulation. This is an extra expense, but fines and the cost of research by a third party etc. are not covered by standard policies.

Insurance Coverage What Coverage Is Available For 1st Party Exposure?
Crisis Coverage Expense Pays the expense of retaining a PR firm to help mitigate damage to the company reputation and brand. Notification Expense Pays the expense incurred to comply with privacy regulations.

Insurance Coverage What Coverage Is Available For 3rd Party Exposure?
Network and Data Liability coverage is available. It will pay for damages incurred by claimants from a breach and expense incurred due to the violation. It will also cover the regulatory fines from failure to abide by laws and regulations and this will include CPNI, Cable TV Operators and any applicable state issues. Generally, punitive is covered if allowable by state law. It is more than identity theft which is a veneer of protection. ID theft is partial help after a loss of data but not protection before an event happens.

Insurance Coverage What Coverage Is Available For 3rd Party Exposure?
Network and Data Liability standard coverage exclusions include; fraud, SEC violations, fiduciary claims, RICO and collusion events, ERISA, EPLI, D&O, insured vs. insured, war, terrorism, pollution, and BI/PD.

D&O or D&O&M Right? A Contract: whereby one party undertakes to indemnify or guarantee another against loss by a specified contingency or peril. "Insurance" comes from the Latin word for "Security". The word "Policy" comes from the Italian language meaning "Promise". Properly named as Executive Liability- Three Parts D&O, EPLI, and Fiduciary Protection

Insurance Coverage - Executive Liability
Directors and Officers Liability Insurance Insurance that protects directors and officers from liability claims arising out of alleged errors in judgment, breaches of duty, and wrongful acts related to their organizational activities. Most lawsuits don't come from shareholders, but from creditors, contractors, competitors, government bodies, employees, and anyone else who might be affected by the decisions of directors and officers. Contrary to popular belief, these groups account for more than 50 percent of lawsuits covered by D&O liability Insurance.

Claims Examples: Executives of the firm are alleged to be involved in price fixing. The firm’s board refuses an offer to buy the company and stakeholders allege it was a wrong decision. It is alleged that executives at a firm infringed in the intellectual property assets of another firm. A partner of a joint venture alleges that an officer of the other firm breached their duty of loyalty and care to the JV.

Policy Forms Policies are written for non-profit organizations, privately held firms and publicly traded companies on different forms. With the exception of non-profits the D&O’s coverage under a private or public policy form are virtually protected with the same coverage. This follows the concept that even though many regulatory standards are set for public traded companies, SOX, the standard of care still applies to privately held organizations. Entity coverage differs where publicly traded firms normally have security claim protection.

Not for Profit Companies with D&O Beyond Most not for profit policy forms will extend coverage, often without any additional reporting, to D&O’s that are asked or required to serve on boards of other local not for profit organizations because the exposure is positive to the first firm. What happens when the request is to serve on a for-profit firms board?

Directors and Officers Liability Insurance Coverage A - Protects Directors that are not indemnified by the Entity-Side A Supplemental- Retention $50,000 for Side B and C Coverage B - Covers the Entities obligation to indemnify the Directors and Officers via by-laws or state law Coverage C - Entity Coverage- Protects the entity itself Side A Towers v. Entity Coverage Issue

Duty to Defend The term “duty to defend”, was coined by the courts to refer to an insurer’s promise, as specified in the policy terms, to defend its insured against claims. Courts have construed policies that provide that the insurer will defend its insured as constituting litigation insurance for the defense of claims that are potentially within the policy’s coverage. “The duty to defend arises whenever the allegations in a complaint against the insured fall within the scope of the risks undertaken by the insurer, regardless of how false or groundless those allegations might be.”

Duty to Defend And, “if any of the claims against the insured arguably arise from covered events, the insurer is required to defend the entire action.” The duty to defend is broader than just an insurer’s obligation to pay defense costs. The courts have noted that, the “duty to defend” customarily includes an insurer's right to choose the attorney and to control the litigation strategy. Indeed, the duty to defend typically includes the duty to investigate a claim and negotiate pretrial settlements.

Pay On Behalf: Promises to make direct payment on behalf of the insured for those sums of money the insured becomes legally obligated to pay because of liability imposed upon the insured by law, or assumed under contract.

Reimbursement and Advancement of Defense Costs Type Policies- Although D&O insurers under this type of policy generally do not have a duty to defend, D&O policies do cover defense costs. The primary questions that arise in connection with the payment of defense costs regard (1) control over the costs incurred and (2) when the insurer must make defense payments. In connection with the first question, although insurers do not control an insured’s defense, under these types of D&O policies they are required to reimburse only reasonable defense costs arising out of covered claims. Thus, an insured or his chosen counsel does not get a blank check.

Best of Both Worlds - Duty to Defend or Reimbursement Introduced by GAIC D15100 The Insureds have the right to assume the defense of any liability claim against them. The named entity shall exercise this option in writing on behalf of all insureds within 30 days of the reporting of the claim to the insurer. If this option is exercised, the insurer shall not reassume the defense of the claim. However, the insurer shall at times have the right to associate with the insured in the investigation, defense, or settlement of any claim to which coverage under this policy may apply.

Insurance Coverage - Crime
Unauthorized Acquisition of Communication Services VOIP phone system fraud in PBX and Key Type phone systems allow hackers relatively easy access to the systems. Most individuals do not change their password at their desktop, nor do system administrators change the master for the whole system. Example of a simple theft: Hacker breaks a system and changes voic to simply say yes. The hacker places a call to a third party and then instructs the operator to call the VM number for approval of call charges and when they call the answer is yes.

Unauthorized Acquisition of Communication Services VOIP fraud is still in the infancy stage, but the threat and reported incidents are growing. Claim example: Two men routed calls through an unprotected network port at other companies and routed calls through their providers. Over three weeks they route 500k calls through a VOIP provider. Investigators who caught the men believe they made $1m from the scam.

The following is added to the Additional Coverages in the Select Business Policy Building and Personal Property Coverage Form: Unauthorized Acquisition of Communication Services In the event of the unauthorized theft of a service that you provide, we will pay for expenses and lost revenue you incur from a third party supplier who, in turn provides you with that same service or add for which you are liable for expenses, fees, or lost revenue to a third party. Services including; Voice, Data, Video and Internet. We will pay up to $25,000 for all loss caused by one or more persons or involving a single act or series of related acts in aggregate per policy period subject to satisfaction of the other peril deductible on the policy form.

Unsolicited Communications
CAN Controlling the Assault of Non-solicited information. SPAM "Spam" is unwanted and unsolicited sent to an individual's or corporation's computer system. A massive spam attack on a company's system can take up so much space on its server that it causes the system to crash. Such risks can be insured against under Internet/online policy forms that cover business interruption losses. COPPA Children’s Online Privacy Protection Act. COPPA contains a requirement that the Federal Trade Commission issue and enforce a rule concerning children’s (13 and under) online privacy, which the Commission did in 1999.

Violations The FTC has brought a number of actions against website operators for failure to comply with COPPA requirements, including actions against Girl's Life, Inc., American Pop Corn Company, Lisa Frank, Inc., Mrs. Field's Cookies and Hershey Foods. In September 2006, the FTC levied substantial fines on several enterprises for COPPA violations. The website Xanga was fined $1 million for COPPA violations, for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent. Similarly, UMG Recordings, Inc. was fined $400,000 for COPPA violations in connection with a website that promoted the, then, 13-year-old pop star Lil Romeo and hosted child-oriented games and activities, and Bonzi Software, which offered downloads of an animated figure that provided shopping advice, jokes, and trivia was fined $75,000 for COPPA violations.

Civil enforcement In July 2005, the Federal Trade Commission lodged civil CAN-SPAM complaints against nine companies alleging that they were responsible for spam s that had been sent by them or by their affiliates. Six of the seven companies, Cyberheat, APC Entertainment, Inc., MD Media, Inc., Pure Marketing Solutions, LLC, TJ Web Productions, LLC, BangBros.com, Inc., RK Netmedia, Inc., and OX Ideas, Inc., LLC, entered in to a stipulated content decree. Impulse Media Group, Inc. chose to defend itself against the allegations made by the FTC.

The Department of Justice asserted that the CAN-SPAM statute imposed strict liability on producers such as Impulse Media for the actions of its non-agent, independent-contractor affiliates. However, the two courts to consider that argument rejected the DOJ's contention. In March 2008 the remaining defendant, Impulse Media Group, went to trial. At trial, it was determined that IMG’s Affiliate Agreement specifically prohibited spam bulk- and that if an affiliate violated that agreement, it would be terminated from the program. In fact, several affiliates had been terminated for that very reason. After a 2½ day trial, the jury retired to determine whether Impulse Media should be held liable for the bad acts of its affiliates. 3 ½ hours later, the jury returned with a verdict that IMG was not liable and that the s were the fault of the affiliates. In March 2006, the FTC was awarded its largest victory to date - a $900,000 judgment against Jumpstart Technologies, LLC for numerous violations of the CAN-SPAM act.

Insurance Coverage - Contract Pitfalls
The legally memorializing of a partnerships is important, but when the contract gets to be 42 pages and an insurance expert hasn’t done a review what could possibly go wrong? The contract: The agreement is entered into as of ______date among XYZ News and Internet Ventures, a NY partnership limited liability company on one hand and cooperative covering those of its current members which are approved by ABC and part of ABC Member Participation Agreement. Whereas, licensee operates websites, produces content, and allows display of content.

The contract continued: Page 16 of 42… COPPA, CAN and SPAM Clause 14.4 Each Licensee shall maintain throughout the term of this agreement and for two years thereafter reasonable insurance coverage to cover against claims and allegations of CAN SPAM and COPPA violations.

From a Policy Perspective There is a Problem Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) A federal law imposing restrictions on the use of for marketing purposes and providing causes of action against violators. Claims arising out of the violation of CAN-SPAM are excluded under standard general liability insurance policies.

One Solution Adding an Endorsement and Removing an Exclusion Introducing the Unsolicited Communications Sublimit Endorsement The endorsement removes the exclusion which states: Any actual or alleged violation of the Telephone Consumer Protection Act, or any similar state or federal statutes or regulation relating to unsolicited fax, , text or telephone communication to any person or entity is excluded unless a breach occurs and this is a result.

Unsolicited Communications Sublimit Endorsement Insurer will pay ___% of any claim actual or alleged that is a violation of the Telephone Consumer Protection Act, or any similar state or federal statutes or regulation relating to unsolicited fax, , text or telephone communication to any person or entity. Coverage is subject to a separate retention. The insurer shall have no obligation to pay any loss or defend any claim after the sublimit has been exhausted. Retention applies to each and every_____ Limit applies in aggregate_____

Unsolicited Communications Limited Protection in NSDL In the event of a data breach and if you have purchased a NSDL policy there is defense coverage for allegations of CAN/SPAM with a sublimit of $25,000 under the Regulatory Proceeding. This is not indemnification however. What does the contract require? What are the risks? These are the real questions!

Thank You It has always been a matter of trust…
6301 Ivy Lane, Suite 506, Greenbelt, MD 20770 Phone Fax

Telcom Insurance Group

Similar presentations

Presentation on theme: "Telcom Insurance Group"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Telcom Insurance Group

Similar presentations

Presentation on theme: "Telcom Insurance Group"— Presentation transcript:

Similar presentations

About project

Feedback