Upload
amystewart
View
817
Download
4
Tags:
Embed Size (px)
DESCRIPTION
An overview of the liability risks associated with social media and potentially applicable insurance.
Citation preview
Spotting the Pitfalls & Installing the Safety Nets
THE NUMBERS THE SITES
500,000,000 + 100,000,000 +
50,000,000 500,000,000
Facebook Users in 2010 Facebook Mobile Device
Application Users Twitter “Tweets” per day Minutes per month spent
on Facebook
Security Claims Failure of network and information security
Privacy Claims Failure to protect private or confidential information
Media/Content Claims False advertisement, false endorsement and
disparate access to information
Intellectual Property
Claims
Infringement of trademark, copyright and trade
secret information
Employment Claims Breach of employee privacy, failure to protect
employees from online harassment, use of web-
based research in employment decisions and
libel/slander/disparagement
Professional Liability
Claims
Breach of ethical duties and professional standards
(esp. for lawyers, securities brokers, directors and
officers)
Duty to protect private and confidential information
Breach of security or disclosure of this type of information costly
Research to determine the scope of breach
Notice to affected parties
Suits and damages for actual injuries
Highly regulated:
Federal regulation and guidelines
Lanham Act
State consumer protection laws
Three general issues:
False or unsubstantiated advertising
False, misleading or unauthorized endorsements
Disparate access to information
Breach of another’s protected IP Another’s breach of your protected IP Employee disclosure of confidential and
proprietary information
Employee privacy Online harassment of employees Use of web-based research in employment decisions Libel/slander/disparagement
74% of managers believe that SNS put their company’s reputations at risk.
Potential Claims or Issues
Defamation Claims for Statements Made Online Admissions Against Interest in Litigation Providing “Free” Discovery to Opposing Counsel Breach of Employee Privacy by Employers Accessing SNS Sites Violation of Non-Competes through Job or Customer Searches Employee Discrimination and Harassment Claims
Defamatory Statements made about Employer by Employees
Breach of ethical duties For lawyers: unauthorized advertisement; ex
parte communications with court; and disclosure of confidential information
For securities brokers: misrepresentations in sell of securities and disclosure of confidential information
Breach of professional standards Mismanagement and self dealing of directors and
officers
As the means by which we communicate change, old risks evolve and new risks emerge
Brokers :: insurance industry trying to respond to the risk, but has not caught up
Gaps in coverage, ambiguities in terminology create challenges for insureds who want to ensure that they have covered their modern-day risks and liabilities
Social media exposures cut across multiple policies, depending on the exposure issue:
Cyber liability (privacy and data security)
Defamation, libel or slander
Copyright infringement – consider Facebook
Media / content liability
Employment issues
Professional liability
1st Party Coverage 3rd Party Coverage
Direct loss to business from injury to electronic data or systems
Liability to others for financial losses resulting from internet or other electronic activities
Business interruption
Notification costs
Crisis management expenses
Data restoration
Extortion payments
Credit monitoring
Theft of company data & intangible property
Forensic costs/expenses
Network security breaches (e.g., failing to detect and prevent transmission of a virus to third parties)
Privacy violations (e.g., flaw in IT system gives hackers access to patient information)
Media and content practices (e.g., liability for deceptive and misleading advertisements on website)
No standardized policy terms … yet Coverage often (always?) applies only to
protected data (e.g., Social Security number or confidential health data) – does not extend to Twitter, Facebook and other social media sites (which do not gather protected info)
Ambiguity
What = private?
Terminology not uniform
Example: The Hartford launched CyberChoice 2.0 in 2008, describing the policy as a combination of E&O and first-party coverage Third-party liability coverage for data privacy and network
security liability; Internet and electronic media liability; professional services liability
First-party coverage for business interruption; cyber extortion coverage for threats against data and identity theft
IP coverage for advertising and tech products Reimbursement of expenses in event of breach ::
notification costs, crisis management, fines, credit monitoring, experts
Cyber liability coverage designed to address risks associated with storing electronic data via web-based communities
CGL coverage limited to BI, PD, PI & AI No coverage for identity theft, damage to intangible
property May provide coverage for invasion of privacy
Coverage for cyber-specific remedies
Notification costs
Fines & penalties Crisis management (might be covered by endorsement)
Example: Electronic data liability endorsement on CGL policy (2001 form) Modifies definition of “advertisement” to include
“notices placed on the Internet or on similar means of electronic communication”
Regarding websites, only that part of insured’s website about its goods and services = advertisement
Coverage territory = “all other parts of the world” if personal injury through Internet
CGL policies issued after 2001 may cover “personal injury” and “advertising injury” (also “personal and advertising injury”)
Defined terms are important – scope of PI and AI can differ
Personal Injury
Defamation, libel & slander
Misappropriation of likeness, false light
Invasion of privacy, unreasonably publicity
Advertising Injury
Misappropriation of ideas, plagiarism, infringement of copyright, title or slogan, piracy
Defamation, libel & slander
2005 form – amending personal injury and advertising injury coverage
“Coverage territory” defined to include other parts of the world if injury takes place online
Personal & Advertising Injury Exclusions
Knowing violations of rights of another
Material published with knowledge of falsity
Insureds in media or internet businesses (e.g., internet search, access, content or service provider)
Electronic chatrooms or bulletin boards
Early libel case (filed in 2009) involving tweets and MySpace posts
Following an escalating dispute, a fashion designer accused Love of posting “false and malicious” statements about her
The designer sued Love in conjunction with the online rant; Love settled for $430K in March 2011
CGL policy – by endorsement, no coverage for “unsolicited communications” – facsimile, e-mail, posted mail (i.e., snail mail) or telephone
Post-2001 CGL may cover copyright infringement “in your advertisement” – may expressly extend to web-based marketing / advertisements
Professional liability for architects & engineers may cover copyright infringement, piracy, plagiarism, misappropriation of ideas in rendition of professional services
Non-professional services, non-advertising IP claims may not trigger coverage
Employment Liability
Does social media present an enhanced risk?
Sexual harassment :: EPL coverage
Hostile environment :: EPL coverage
Importance of social media & electronic device policies and procedures
Employer Liability
Ensure the policies extend coverage to employees
E&O for a tech company may look a lot like cyber liability
PL or E&O for everyone else is going to be limited to wrongful acts in the rendition of professional services
Does this cover marketing activities regulated by the state bar? How about unauthorized practice of law issues – perhaps arising from answering a question posed by someone in another jurisdiction on AVVO?
Ethical issues
This architects & engineers PL policy excluded coverage for “copyright infringement” – but by endorsement added coverage for plagiarism, piracy or misappropriation of ideas under implied contract
Insurer covered lawsuit against architect alleging copyright infringement
CGL policy issued to a tech company – by endorsement, no coverage for computer software errors and omissions Acts, errors or omissions in
design, licensing, selling, etc.
Actual or alleged unauthorized duplication or unauthorized use
Social media policy Training and monitoring on appropriate social
media use Educate the C-suite Data breach incident response plan Firewalls? Block social media use during
business hours?
Are underwriters, brokers & insureds using the same words to convey the same concepts
Answer: No. Part of the challenge is the new, increasingly
global economy, which stems in part from global access via the web. Exposures differ from country to country – in the UK, privacy is protected; in the US, the right to privacy is more limited.
R U covered? According to brokers, the insurance industry hasn’t caught up with the risks.
Amy E. Davis Rose Walker LLP
Amy Elizabeth Stewart Amy Stewart PC