by Mary Salerno, National Accounts Manager

Breach of Privacy and Breach of Security coverage provides protection for wrongful acts or claims resulting from unauthorized disclosure of personal and confidential information either as a result of your actions or the actions of another, such as a hacker. Most insurance agents and brokers E&O policies have not been updated to reflect the modern day exposures of conducting business electronically and fail to adequately cover such exposures.

Policy Form Exclusions

E&O policy forms often contain specific exclusions for claims “related to, arising from, or in any way attributable to a breach of privacy or a breach of security.” If your errors and omissions policy contains such exclusions, there is little doubt that a claim for Breach of Security or Breach of Privacy would be denied. Other E&O policy forms are entirely “silent” on this issue. That is, they lack a specific exclusion for such claims, but they also lack a specific coverage grant as well. In most cases it is our opinion that “silent” is subject to interpretation. When an insurance policy is “silent,” it is difficult to predict just how that policy would or would not respond. We recommend, when possible, that such coverage be specifically added to the policy language.

Breach of Privacy Risks

Insurance agencies collect, maintain and distribute confidential information from clients and others. Information such as tax ID, social security and driver’s license numbers, home addresses, financial and income information and even medical information protected by HIPAA. This information is entrusted to your care for use in procuring insurance. Typically this information is stored as an electronic file on a computer, laptop or a server. We see risks in several ways:

1. The unintentional disclosure through sending an email or through other electronic means such as a fax.
2. The unintentional disclosure through a lost or stolen laptop or disc.
3. The introduction of viruses/trojans that can disseminate confidential information to unintended parties.
4. The unintended consequences of a hacker.

These would each be considered a breach of privacy and/or a breach of security exposure and excluded under most E&O policies.

What can you do?

Review your own E&O policy or engage an expert to insure that you have adequate coverage. A thorough review of your policy will reveal whether you have sufficient coverage relating to this risk.

by Thomas Barrett, VP Commercial Sales

“Tail Coverage” for insurance agency E&O is simply the jargon for the Extended Reporting Coverage (ERP) feature usually found in a claims made policy.  It allows you to cover E&O risks, after the E&O policy has expired, for claims that may arise down the road.  It is not extending your policy period, but simply giving you more time to report an incident or claim to the carrier for professional services provided subsequent to the retroactive date listed in the policy and prior to the expiration date of the policy.  Many policies only give you the right to purchase such coverage in the event the insurance company cancels your policy.  Without this coverage, you are self insuring; the legal defense cost and damages are on your own dime.  Make sure that your policy has a bilateral tail; meaning that you can use this option whether you cancel or the carrier cancels your policy for reasons other than default.  If you retire, buy or sell an agency, or simply wind down your operation, this becomes an important policy feature.

Should you buy an agency from someone, you should insist that the seller buy tail coverage for at least a 3-year term; the seller typically bears that risk and cost.  If you sell your agency you should purchase tail coverage because you can still be brought into a suit about a past event.  If you wind down your operation to retire or simply dissolve the business, you should also obtain tail coverage to protect yourself from  an unexpected legal action  Suits concerning negligence are personal and having a live entity or dissolved entity may not protect your personal assets.

Here is an example of someone needing to purchase “Tail Coverage”:

An agency goes up for sale.  The purchaser of the agency requires a 3-5 year tail coverage endorsement.  The seller’s policy only allows for a 12-month endorsement.  Prior to selling his agency and his policy expiring, he finds he needs to locate a new carrier willing to extend terms for the additional coverage. This owner cannot sell his agency if he cannot find alternative coverage.

Our Firm has a solid understanding of this risk and has the markets to place such coverage.  Many agency owners are not aware that they can purchase additional coverage from an alternative carrier.  Often an alternative carrier can offer different pricing, terms and limits than the expiring carrier.  When we shop and negotiate tail coverage, we find that there are new carriers willing to quote lower premiums and differing limit options in contrast to the non-negotiable terms found in an Insured’s policy.  We have also been successful in identifying carriers willing to add tail coverage post policy expiration for Insureds who elected not to use their ERP option and later regretted that decision or for which their options have expired.  We have been approached by Insureds who purchase a 12 month tail, and when nearing expiration, decide to extend another 2-years or longer for their own peace of mind.  We have also been successful at placing this additional tail coverage with our carriers.