Cyberspace and Insurance
Page 6 of 8
Click here for course instructions Click here to exit the course




Risk management checklist

Computer system
  • Telecommunication systems review by outside firm
  • Firewalls in computer system
  • Prevention of access by 3rd parties and employees
  • Reduce possible virus sabotage
  • Uninterruptible power supply with backup batteries routinely charged (all computers should be linked to A/C through the UPS)
  • Redundancy of servers
  • Cooperative agreement with an unrelated business
  • Multi-location of server sites
  • Have the computer or telecommunications system screened by an outside firm for security

    Written agreements
    Written agreements should be signed with independent contractors who contribute in any way to media content. These agreements should specify that all aspects of any work performed for the client is made "for hire" for the client and the client has all rights to the work.

    Agreements should require the contractor to be insured against 3rd party direct or indirect loss due to their actions or of any other party within their control.

    The agreements should also hold harmless the client against any infringement of patent, copyright, or trade dress, created in whole or in part by the independent contractor.

    The agreements should hold harmless the contractor from infringement issues created by use of trademarks, service marks, or material reproduced from an outside source at the request of the client.

    The written license agreements for all software or other media content purchased must clearly allow the assignment of cyber-publishing rights to the client. These rights include rights to store, reproduce, or permit copying in online, digital print format.

    Online content
    Have outside or in-house legal counsel review content of online material prior to publication, looking for:
  • Invasion of privacy
  • Invasion of publicity
  • Infringement on anyone else's protectable rights

    For chat rooms, post a prominent user agreement on the boot screen. Clearly insist that the chat room participant does not pre-screen, censor, or edit messages posted by users. Reserve the right to terminate or suspend users privileges.
    Chat room participants should be clearly directed not to:
  • Post copyrighted material
  • Post defamatory material

    Include a hold harmless clause and limitation of liability in favor of the provider, and warn users that the provider takes no responsibility for content that is upsetting, defamatory, or morally reprehensible.

    The chat room host should have a predetermined response system in place for complaints posted by users about derogatory or defamatory material or material claiming to be copyright infringement.

    Intranet users
    Employee access guidelines, similar to Internet user guidelines, should be provided.

    Provide strong electronic security.

    Post notice that any and all information or material posted or transmitted on the Intranet is at the sole discretion of the employer. The employer reserves the right to remove, change, or edit any material, and the employee agrees that such an act would not be a violation of privacy.

    Warehousing and distribution operations
    Review the company's shipping procedures. Are they all done by computer? What audit procedures are in place to discover fraud from hackers or impersonation?

    If located only in the U.S. but shipping worldwide, review shipping contracts and talk to a lawyer skilled in corporate law as regards international shipping terms.

    Internet use policy
    Develop and implement a comprehensive Intranet, Extranet, and Internet policy for the workplace. It would be good to have an Internet use policy for employees as part of employee handbook that includes:
  • Internet use restrictions
  • Statement concerning prohibited uses of computers on any system
  • Statement of privacy (or lack of privacy) concerning email or voicemail systems
  • Rules about downloading Internet materials
  • Training of Internet use
  • Prohibition of posting company secrets in Internet chat rooms

    Cyberlaw
    Review whether any product sales violate local, state, federal, or international law. Consider site jurisdiction as well as end user jurisdiction, for example:
  • Internet bookstores selling Mein Kampf to German citizens, which is not allowed in Germany
  • A liquor store owner who establishes a Website to sell liquor with no way to control selling liquor to minors

    Cyberspace audit
    Conduct a cyberspace audit of Internet systems:
  • Review employee issues with an employment practices attorney.
  • How many employees have access to Internet through company-owned or company-controlled systems?
  • If computers are located in employee's homes, are they using Internet for business purposes only?
  • How much time are employees spending on the Internet? And can you even monitor and answer this question?
  • What types of audits or controls are in place for e-commerce activities?
  • Are any voice recognition systems in place or being contemplated for disabled employees? If not, review the disabled employee procedures for the employee handbook.
  • Companies are available to provide a search of chat rooms and discussion groups to see what might be being said about your company.
  • Is encryption protection necessary for the Website due to confidential internal or customer information?
  • Note that encryption is viewed as a munition and there are many laws governing the use of this in dealings with other countries.
  • Use an attorney for advice.

    Registration issues
    Ensure that proper registration is taken care of:
  • Register the company Website with the U.S. Copyright Office
  • Also register all trademarks and service marks used in the Website
  • Register the Website domain name
  • Make sure to register all dilutions, variations, and types
  • Use a search service
  • Do not get involved in cybersquatting

    Key elements of an email risk management program
    Employees should consistently apply the company's information management policies regarding emails. The company's guidelines should be to:
  • Delete email messages that are no longer needed after a specified period of time
  • Retain and manage email that is needed

    An email management program might include:
  • Written retention schedules
  • Published policies and procedures
  • Email guidelines
  • Mailbox storage quotas
  • An "aging" or auto deletion mechanism such as the Microsoft MBClean product
  • Training for all employees
  • A periodic audit for records program compliance

    Remember that voicemails and Websites are electronic records. Websites and different versions of Websites must be maintained pursuant to records management policies. Websites are fast becoming the subject of discovery, hence the need for considering records retention policies for Websites.

    In dealing with electronic records retention matters, don't forget "spoliation" issues, which concerns the intentional destruction of documents. Spoliation liabilities may result from unauthorized destruction of electronic records that should have been kept to satisfy discovery requirements.

    Encrypted email can create real problems in discovery if, for example, a company is unable to decrypt encrypted email.


  • Next Page >

     

    © Copyright CEfreedom.com and Insurance Skills Center. All Rights Reserved.

    Not only are policy forms, clauses, rules and court decisions constantly changing, but forms vary from company to company and state to state. This material is intended as a general guideline and might not apply to a specific situation. The authors, LunchTimeCE, Inc., CEfreedom, and Insurance Skills Center, and any organization for whom this course is administered will have neither liability nor responsibility to any person or entity with respect to any loss or damage alleged to be caused directly or indirectly as a result of information contained in this course.