E-Quicksand: insurers and policyholders must take steps to avoid the latest dangers in cyber-attacks, e-mail, operations and privacy. (Cyber-Risks).As insurers' and insureds' use of technology grows, so does the potential for technology-related liability risks. Two experts have defined strategies to help insurance carriers protect themselves from straying into the quicksand quicksand State in which water-saturated sand loses its supporting capacity and acquires the characteristics of a liquid. Quicksand is usually found in a hollow at the mouth of a large river or along a flat stretch of stream or beach where pools of water become partly filled of these exposures. Robert Hammesfahr and Andrew Katz, attorneys with national law firm Cozen coz·en v. coz·ened, coz·en·ing, coz·ens v.tr. 1. To mislead by means of a petty trick or fraud; deceive. 2. To persuade or induce to do something by cajoling or wheedling. 3. O'Connor, recently spoke to Best's Review about those strategies and ways information-technology professionals can manage the electronic flow of information to minimize such risks as e-mail and privacy invasions, trademark piracy piracy, robbery committed or attempted on the high seas. It is distinguished from privateering in that the pirate holds no commission from and receives the protection of no nation but usually attacks vessels of all nations. and U.S. Securities and Exchange Commission violations. Q: How can insurers protect themselves from liability risks associated with the increased use of the Internet and Intranets? Katz: The most publicized pub·li·cize tr.v. pub·li·cized, pub·li·ciz·ing, pub·li·ciz·es To give publicity to. Adj. 1. publicized - made known; especially made widely known publicised new risks today generally stem from terrorism and hacking See hack and hacker. incidents. Those with networked systems or those with a presence on the Web may be potential targets. And as news reports suggest that Al Qaeda terrorists are considering targeting U.S. nuclear power plants' computer systems, the awareness that enormous potential exposures exist increases. While not necessarily new, Internet-usage risks, such as network problems and hardware failures, also have broader-reaching consequences as reliance on the Internet as an integral business tool grows. For instance, downtime The time during which a computer is not functioning due to hardware, operating system or application program failure. resulting from a server malfunction--particularly in file sharing Copying files from one computer to another. See peer-to-peer network, file sharing protocol and file and printer sharing. and active server pages (World-Wide Web, programming) Active Server Pages - (ASP) A scripting environment for Microsoft Internet Information Server in which you can combine HTML, scripts and reusable ActiveX server components to create dynamic web pages. IIS 4. arrangements--can directly affect both the insured and their customers. Insurers need to understand that the potential liabilities are higher and set proper premiums and put coverage caps into place. Q: How are chief information officers and information-technology professionals managing information flow to minimize risks? Hanimesfahr: Mapping Web exposures is an important first step. IT professionals have to recognize first-party and third-party exposures and quantify first-party intangible assets Intangible Asset An asset that is not physical in nature. Notes: Examples are things like copyrights, patents, intellectual property, and goodwill. These are the opposite of tangible assets. that might be subject to destruction or malicious use, in addition to quantifying third-party reach of their systems. Only a few companies have different indexes to determine the level of technology risk. Most people look at third-party exposures in the physical world in terms of the number of physical locations, employees and sales. Katz: IT professionals need to take a three-pronged approach to managing information flow. First, CIOs have to work with their human-resources departments to make sure policies governing information flow are established. Second, CIOs have to be responsible for implementing these policies, which may result in additional hardware and software expense. This effort should include establishing backup and monitoring systems, which are critical not only to operating computer systems but also to spotting problems before significant damage can occur. There are many new hardware and software products that can help CIOs ensure that use of data isn't violating a company's privacy policy and that employee e-mails are monitored so they don't contain unsavory language. These products are becoming more complete and more widely available, but the challenge still lies in distinguishing the good products from those that aren't so good. Third, IT professionals need to make sure insurance is in place so that their company has protection if something does go wrong. Q: What are some of the legal ramifications ramifications npl → Auswirkungen pl of risks such as trademark piracy and Securities and Exchange Commission violations, and what can insurers do to protect themselves against these exposures? Katz: There's a significant amount of trademark infringement Trademark infringement is a violation of the exclusive rights attaching to a trademark without the authorization of the trademark owner or any licensees (provided that such authorization was within the scope of the license). on the Internet, partly because it is so easy to do--either inadvertently or intentionally. The infringing use can occur in the content of a Web site, in a meta tag An HTML tag that identifies the contents of a Web page for the search engines. Meta tags are hidden on the page, but they, as well as all the HTML code on a page, can be viewed by selecting View/Source or View/Page Source from the browser menu. or domain name, or even by advertising someone else's product. While the actual damages Noun 1. actual damages - (law) compensation for losses that can readily be proven to have occurred and for which the injured party has the right to be compensated compensatory damages, general damages resulting from such infringement may be small, the risk of a dispute is high because the trademark owner must protect its mark or risk losing it. Further, if litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. ensues, the prevailing trademark owner can often recover its attorney fees. Copyright infringement Noun 1. copyright infringement - a violation of the rights secured by a copyright infringement of copyright plagiarisation, plagiarization, piracy, plagiarism - the act of plagiarizing; taking someone's words or ideas as if they were your own is also common on the Internet. Accordingly, a company that has a significant Web site should train one or more of its personnel how to identify and alleviate potential trademark and copyright risks on the site. Insurers can help by developing a protocol that the insured is expected to follow when introducing new material on the Web site. Hammesfahr: The first step in protecting against trademark piracy is to have an in-house department responsible for potential exposures, including trademark infringements and copyright protections and for protecting the company's assets. The number of infringement lawsuits is now growing by quantum leaps quantum leap n. An abrupt change or step, especially in method, information, or knowledge: "War was going to take a quantum leap; it would never be the same" Garry Wills. . In addition, the cost of defending a patent-infringement suit can range from $1 million to $2 million. Katz: SEC liabilities can also result from the misuse of information on the Internet. For instance, if a company employee reveals confidential business information on a message board and the information materially affects the price of the company's stock, then SEC rules are violated. It's difficult for the company to monitor what's happening all of the time and impossible to catch these events before they occur. Still, both the insured and the insurer should have policies in place before an event occurs so that they have the structural means of reacting, rather than seeming to act on a case-by-case basis. Q: What do employers need to know about employees' claims regarding e-mail-monitoring violations? Katz: The law, for the most part, has come down such that companies can do a great deal of monitoring on their own sites and of employees' e-mail usage during work time. The key to avoiding potential liability is to make sure companies have a policy in place that specifies what they can do and to let employees know what they can expect. As long as employers disclose their policies to employees, they have nearly free reign in monitoring these activities. Employees must understand that e-mail accounts e-mail account n → cuenta de correo are owned by their employers and may be subject to monitoring. Retention of e-mail messages opens another question. We're now seeing a tremendous amount of discovery and litigation aimed at obtaining e-mails to prove a company's wrongdoing wrong·do·er n. One who does wrong, especially morally or ethically. wrong  do . Officers, as well as employees, must realize they have to be very sensitive about what they say in their e-mail messages because of the written record of these communications. Most companies are learning that it may be better to delete e-mails as part of the normal course of business than to save them indefinitely. Q: Are an increasing number of electronic documents being subpoenaed in lawsuits against carriers, and, if so, what does this mean for carriers? Hammesfahr: This is a significant issue for insurers, particularly because insurance is one of the most intensive industries in terms of volume of litigation. Insurers are involved in a lot of litigation with policyholders for coverage issues defense of policyholders being sued and regulatory litigation involving market-conduct concerns. There are several questions, however, that need to be answered, such as how to locate e-mails, how to filter them and whether filters are appropriate. There's also the issue of confidentiality and how to sort through attorney/client privilege issues. Also, in some instances, companies may have to capture home computers and personal digital assistants to obtain information, which adds a tremendous cost to discovery. If companies increasingly store a lot of materials in electronic formats, further analysis needs to be done as to how systems can be put into place to respond to discovery requests. Initially, everyone thought the primary focus was getting everything onto systems electronically, but now they're thinking in terms of an electronic format, how it's used and whether it will be an electronic discovery. We'll have to respond in ways we didn't appreciate in the past. Q: What operational steps do insurers need to take to address the technology-related liabilities you've identified? Katz: Companies must be made to act in an accountable manner. "If it goes wrong, we have insurance coverage" should not provide the ultimate resolution to a tough business decision. To combat this mentality, tougher exclusions can be written around willful Intentional; not accidental; voluntary; designed. There is no precise definition of the term willful because its meaning largely depends on the context in which it appears. and intentional actions. Coverage can be adjusted when companies get legal opinions before embarking on business ventures, so that liability can shift to the law firms This list of the world's largest law firms by revenue is taken from The Lawyer and The American Lawyer and is ordered by 2006 revenue:[1]
Q: What are some of the technology-related risks insurers might face in the future? Hammesfahr: Modeling issues are a potential future risk. It's possible to conceive of Verb 1. conceive of - form a mental image of something that is not present or that is not the case; "Can you conceive of him as the president?" envisage, ideate, imagine losses that would be accumulated across the insurance industry based on digital activity, as opposed to physical activity. Many companies are now looking at how to quantify and trend these activities. The size of the company, type of business and activities it's engaged in and its business missions will vary from company to company. In addition, insurers, apart from running their own operations, have another risk to contend with-figuring out how new technologies might affect their profits and losses related to the number of claims and effects on those claims. As people are able to tag more possessions, they can be more specific in analyzing claims and presenting property-damage claims. Katz: I think we're also going to see a lot more reliance on biometrics, such as retina scans and fingerprints Impressions or reproductions of the distinctive pattern of lines and grooves on the skin of human fingertips. Fingerprints are reproduced by pressing a person's fingertips into ink and then onto a piece of paper. used to log on to systems and access files. These types of security issues are going to become very important for insurers. However, as we create innovative ways to generate security protections, biometrics will likely experience a lot of growing pains grow·ing pains pl.n. Pains in the limbs and joints of children or adolescents, frequently occurring at night and often attributed to rapid growth but arising from various unrelated causes. , and some mistakes are a near certainty. In the future, the Internet, like most new technologies, will have a much greater effect on the magnitude of the risks we face, rather than the type of risks. The types of risks still relate to the core business values: security of business-sensitive information (instead of installing fire alarms, we are installing firewalls); the right to compete (instead of circulating cir·cu·late v. cir·cu·lat·ed, cir·cu·lat·ing, cir·cu·lates v.intr. 1. To move in or flow through a circle or circuit: blood circulating through the body. 2. a neighborhood flier, we are advertising to the world); the protection of our products (in addition to developing new products, we are also encrypting them); and compliance with laws (it's not enough to be compliant with federal, state and local laws when your last three orders came from Spain, Italy and Australia), to name a few. I think insurers, who have dealt with those issues pretty well in the past, will meet these challenges head-on in the future. The key to the long-term health of the insurance industry is understanding how much the liabilities can potentially escalate es·ca·late v. es·ca·lat·ed, es·ca·lat·ing, es·ca·lates v.tr. To increase, enlarge, or intensify: escalated the hostilities in the Persian Gulf. v.intr. and then planning for them accordingly. RELATED ARTICLE: 2002 FUSION Unlocking the Value Robert Hammesfahr and Andrew Katz will speak about new risks of electronic information flow at A.M. Best co.'s 14th annual insurance and technology conference, "E-Fusion 2002: Unlocking the value," which will be held Sept. 29-Oct. 1 in Washington, D.C. |
|
||||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion