Cyberspace and Insurance | ||
|
||
|
||
E-commerce exposures In this lesson, we will examine exposure issues - and solutions to these issues - that concern businesses conducting e-commerce. The issues we will address are: Computers The list of computer-related exposures continues to grow. In e-commerce, the impact of computer downtime is felt within minutes. And what about computer-based transactions? Can a client provide a valid, legal, and enforceable contract online? Also, you can imagine if an entire database (including backed up files) on customer information disappeared. Here is only a sample of the issues at play when talking about computer risk: Jurisdiction When a business launches a Website, it instantly becomes a global company. This raises some very interesting questions, perhaps the most important of which is,"Where is the insured doing business?" First, let's take a look at litigation. U.S. law is changing as the courts interpret cyber situations based on factual presentation at time of litigation. Very few cases have yet to be decided. Bensusan Restaurant Corp. v. King, 126 F.3d 25 (2d Cir. 1997) is an example of "passive" litigation related to jurisdiction, in which there's no trade, offers of trade, or sales of products (only advertising). In this case, the owner of the famous Blue Note jazz club in New York sued the owner of a jazz cabaret in Missouri by the same name, citing that though King was only doing business in Missouri, he was advertising (via his Website) across many jurisdictions, including New York and therefore was guilty of trademark infringement. The case was dismissed in appeal, finding that the Website was created for a Missouri audience only. Minnesota v. Granite Gate Resorts, Inc. 568 N.W.2d 715 (CT. App. MN, 1997), on the other hand, is an example of active litigation related to jurisdiction, in which orders were placed, mailing lists were sent, and business transactions were attempted over the Internet. A Minnesota resident was told that it is legal to gamble over the Internet and signed up to participate in wagers through a site established in Belize. It was upheld that gambling is not allowed in Minnesota and that deceptive business practices were at play, but the case also raised the relevant issue of advertising jurisdiction. "Where" can an online gambling service advertise, given that the Internet is available to everyone? Perhaps more thought provoking are those cases in the middle ground - neither strictly interactive nor passive. In Mink v. AAAA Development (Fifth Circuit), the operator provided a printable mail-in order form, a toll-free number, and an email address on its Website. Although the email address allowed consumers to interact with the company, the court held that the operator was passive since no orders could be placed online, no business was ever conducted over the Internet with foreign residents, and there was no evidence that the defendant had any business interactions with consumers, other than responding to emails. As one measure to protect the insured, you should review all policies provided to the insured for territory limitations. CGL has limited worldwide coverage so you may need to suggest a foreign liability policy. Look to insurance companies that are admitted in foreign countries. Provide a true umbrella policy with worldwide coverage for claims and suits. If the insured is selling products over the Internet, review shipping procedures. Marine policies may be needed in addition to or in lieu of inland marine policies. Also discuss jurisdiction with the underwriter and/or claims supervisor as to the insurance company's approach. Computer policies have a very limited territory definition. Review the client's actual sites of operation for their business and any linked businesses. It is also prudent to look into any new or planned sales territories for transit exposure. Go to an insurance company who is willing and able to provide worldwide coverage if the insured has or is developing global sites. Check for the availability of dependency coverage from insurance companies, for items such as: Crime policies have a very limited territory definition. Look to companies such as Chubb, AIG, Royal, Zurich, and Reliance National among others for worldwide coverage. Directors and Officers (D&O) policies often have a territory limitation. Any insured operating on the Web (whether corporation, LLC, or partnership) must be offered a worldwide policy to protect against acts and suits. Any insured linked to other systems must be offered the same. Property damage Property damage in e-commerce can take a couple forms: CGL policy definition of property damage is as follows: 17. "Property damage" means: a. Physical injury to tangible property, including all resulting loss of use of that property. All such loss of use shall be deemed to occur at the time of the physical injury that caused it; or b. Loss of use of tangible property that is not physically injured. All such loss of use shall be deemed to occur at the time of the "occurrence" that caused it. Hennepin County Retail Systems v. CNA Insurance Companies, No. C7-90-2586 (Mn. App. May 21, 1991) held the insurance company responsible for defending under "property" the loss or erasure of data caused by an error committed by the insured in the course of a commercial online transaction. In Magnetic Data, Inc. v. St. Paul Fire and Marine Insurance Companies, 1989, the Minnesota Court of Appeals held the same answer. But do not rely on these cases for your insured. If your insured is hiring independent contractors to provide Website construction or any other form of telecommunications, require the other party to carry coverage specific to 3rd party losses resulting from this kind of activity. If your insured is providing this kind of work, buy a coverage form that treats loss of data for both direct and indirect 3rd party loss as "property damage". Another approach could be an Errors and Omissions policy covering acts of the insured. The E&O form should be non-specific as to resulting loss. The forms are often limited in territory and respond typically to "damages" that would not include non-monetary or injunctive relief. The forms also often exclude punitive damages. If your insured is accessing other's computers for sharing of information or ordering or selling a product, offer a technology-based CGL that specifically covers this potential risk of 3rd party loss. Defamation, privacy, and confidentiality As you already know, the Internet as an open communication venue is an arena in which defamation injury happens all the time and in which privacy and confidentiality are at risk. From public chat rooms to the use of credit cards for online shopping, information (and misinformation) about individuals and companies can be abused. As protection, provide a specific technology-based product that addresses these issues specifically on a global basis. Look at both the policy territory and the policy definitions. Provide 3rd party credit card protection, either by endorsement to a CGL form or by way of Computer Fraud as well as Employee Dishonesty coverage. Let's take a look at some policy language changes that relate to this issue. From CGL 1996 edition 1. "Advertising injury" means injury arising out of one or more of the following offenses: a. Oral or written publication of material that slanders or libels a person or organization or disparages a person's or organization's goods, products or services; b. Oral or written publication of material that violates a person's right of privacy; c. Misappropriation of advertising ideas or style of doing business; or d. Infringement of copyright, title or slogan. 13. "Personal injury" means injury, other than "bodily injury", arising out of one or more of the following offenses: a. False arrest, detention or imprisonment; b. Malicious prosecution; c. The wrongful eviction from wrongful entry into, or invasion of the right of private occupancy of a room, dwelling or premises that a person occupies by or on behalf of its owner, landlord or lessor; d. Oral or written publication of material that slanders or libels a person or organization or disparages a person's or organization's goods, products or services; or e. Oral or written publication of material that violates a person's right of privacy. From CGL 1998 edition 1. "Advertisement" means a notice that is broadcast or published to the general public or specific market segments about your goods, products or services for the purpose of attracting customers or supporters. 14. "Personal and advertising injury" means injury, including consequential "bodily injury", arising out of one or more of the following offenses: a. False arrest, detention or imprisonment; b. Malicious prosecution; c. The wrongful eviction from, wrongful entry into, or invasion of the right of private occupancy of a room, dwelling or premises that a person occupies by or on behalf of its owner, landlord or lessor; d. Oral or written publication of material that slanders or libels a person or organization or disparages a person's or organization's goods, products or services; or e. Oral or written publication of material that violates a person's right of privacy; f. The use of another's advertising idea in your "advertisement"; or g. Infringing upon another's copyright, trade dress or slogan in your "advertisement". Taking a closer look at personal and advertiser's injury will provide more insight into this area. Personal and advertising injury One obvious concern in e-commerce is impersonation. For example, someone fraudulently purchases items over the Internet or makes business transactions using someone else's identity, credit card number, etc. Advertiser's liability is another concern. It is in part determined by the use of a Website. Is the site linking / framing with other sites? Is revenue generated by hyperlinking? Clients may be considered to be "in the business of advertising" and subject to the CGL exclusions under Coverage B. Here's the language of the CGL personal and advertising injury exclusion. 2. Exclusions This insurance does not apply to: a. "Personal and advertising injury": (9) Committed by an insured whose business is advertising, broadcasting, publishing or telecasting. However, this exclusion does not apply to Paragraphs 14.a., b. and c. of "personal and advertising injury" under the Definitions Section. Intellectual property When addressing intellectual property issues, you should consider the following areas: Directors and officers Infringement-related suits have named directors and officers, so D&O insurance might be triggered in e-commerce cases involving advertising injury, etc. Extortion One of the risks facing companies involved in e-commerce is extortion. Extortion might be directed at a company's product or product line, as well as at its Website. A solution provided by the insurance industry is Product Extortion coverage, a specialty form offered by a few carriers. Telecommunications and Internet construction Similarly, telecommunications and Internet construction is a risk for online companies. The risk is one of direct loss, business interruption, or extra expense. Coverage would require an independent contract to provide evidence of insurance for 3rd party loss, including impaired property and loss of income / extra expense. This might take the form of an E&O coverage. Depending on the peril, it is possible that the Electronic Data Processing (EDP) form could respond, if it includes Bodily Injury as well as Enterprise Earnings. There must be direct loss or damage to trigger that form. An error by the computer programmer may not cause direct loss; rather, improper functioning of the network might. The independent contractor's CGL policy would probably deny the claim under the Impaired Property exclusion. As a precaution, require a completion bond to be provided by the programming company. Employee-related exposures The age of online business has opened up more avenues for employee-related exposures. Not only does the insured company worry about the employee falling down a flight of stairs at the office, but now there are also serious concerns about email privacy invasion and other issues that employers did not have to deal with even a few years ago. The following is a list of some of the employee-related exposures for the insured: Intel Corp. v. Hamidi, Cal. Super. CT. No. 98AS05067, Nov. 24 1998, Sacramento Superior Court is an example of a suit involving one or more employees sending out emails to others. Mass mailings to Intel by a disgruntled former employee were originally thought to constituted trespass, but a ruling by the California Supreme Court in mid-2003 found the act to be different from trespass and spam. These are some recommended solutions for protection against employee exposures in regards to computer use: |
||
Next Page >
|
||
| ||
© Copyright CEfreedom.com and Insurance Skills Center. All Rights Reserved. |
||
Not only are policy forms, clauses, rules and court decisions constantly changing, but forms vary from company to company and state to state. This material is intended as a general guideline and might not apply to a specific situation. The authors, LunchTimeCE, Inc., CEfreedom, and Insurance Skills Center, and any organization for whom this course is administered will have neither liability nor responsibility to any person or entity with respect to any loss or damage alleged to be caused directly or indirectly as a result of information contained in this course. |