Category Archives: Policy

Data and Privacy Breaches

With data breaches all over the news, it’s no wonder businesses want to manage their exposure to the financial risks that accompany these threats. Data breach insurance is often the policy that companies need to protect themselves. Coverage is especially important because of the expense involved with a data breach. According to a 2015 study by risk assessment firm NetDiligence, the average data breach claim costs nearly $674,000. And no company is immune to the risk. Here are a few hypothetical examples across different industries:

CPA Firms: A staff member backs up some client files to an unencrypted flash drive and puts it into her purse. She then goes shopping and her purse is stolen. The staff member had been preparing payroll tax returns for several clients in multiple states. The flash drive included payroll information such as names, addresses, salaries, and Social Security numbers. The firm must now evaluate the severity and scope of the incident. They must consult with legal counsel about compliance with notification laws and with public relations regarding the breach. Finally, they must notify any potentially affected clients.

Real Estate Firms: In order to reduce costs and simplify the process, a small real estate company outsources its information storage and maintenance to a third party company. The third party experiences a data breach and the real estate firm’s data is jeopardized. Confidential information included clients’ Social Security numbers, bank account, credit, and debit card numbers, financial documents, and much more. Unfortunately, this “cost-saving” measure for the small real estate firm results in high legal costs, damage to their reputation, and a loss of business.

Architect and Engineering Firms: Technology is a large part of the architect and engineer’s practice. They routinely use technology to communicate with clients, perform accounting, and share project information. Design professionals also use technology to access information about their clients, including banking account numbers, employee data, and non-public business information. This can leave firms vulnerable to data breaches, malware, ransomware, and spear-phishing against employees. Many architecture and engineering firms are small businesses, which are targeted more often due to their perceived vulnerability. In fact, the National Cyber Security Alliance estimates 71% of security beaches target small businesses.

We all know the best defense is a good offense. That’s why more and more businesses are opting for policies that protect them from liability and expenses caused by a data or security breach. There are primarily two types of insurance offered – first-party and third-party. Here’s a look at both:

First-Party Insurance covers the policyholder’s own losses and can include the following coverage:
• Investigation: costs associated with assessing whether a breach has occurred and measuring the impact and severity.
• Data Loss: costs associated with the tampering or loss of the policyholder’s data.
• Software/Hardware: damages to software systems and/or computer hardware as a result of a cyber attack.
• Loss of Revenue: loss of income or other costs if the policyholder is unable to conduct business due to a breach.

Third-Party Insurance insures for the liability of the policyholder to third parties such as customers, clients, and the government. It can include the following coverage:
• Notification: costs associated with notifying employees, customers, or patients of a breach.
• Regulatory: costs associated with lawsuits or judgments as a result of a data breach. It also covers legal and technical expenses incurred for responding to regulatory inquiries.
• Crisis Management: expenses for public relations and advertising educating customers about the data breach, as well as the policyholder’s response.
• Credit Monitoring: costs of providing credit and/or fraud monitoring services to affected parties.

Cyber attacks can happen in organizations of every shape and size. Hackers also seem to get more sophisticated each day. Covering the risks associated with data breaches is an essential way to stay one step ahead of the “bad guys”.

Limitation of Liability Clause

Who doesn’t want to limit the likelihood of potential lawsuits and other claims? Most companies use insurance as protection, but not all claims are insurable. For architects and engineers, the solution often means incorporating a limitation of liability clause into their contracts. It’s an excellent way to limit the amount of liability undertaken by design professionals and adds a layer of protection and peace of mind should future problems arise. It may also mean the difference between staying in business and financial ruin.

What exactly is a limitation of liability clause? It’s a provision in a contract that limits the amount of exposure a company can face if a lawsuit is filed or another claim is made. A limitation of liability clause can also “cap” the amount of potential damages a company has to pay and is a highly effective risk management tool. It can also lower insurance premiums and is allowed and enforceable in most states, as long as the language is clear, agreed upon by both parties, and free of ambiguities. The limit can apply to all claims that arise during a contract or it may apply to certain causes of action. Limitation of liability clauses typically limit liability in one of the following amounts:

  • Compensation and fees paid under the contract
  • An agreed-upon amount of money
  • Available insurance coverage
  • A combination of the above

Keep in mind that a limitation of liability clause does not protect from claims by third parties, like members of the public or injured workers. However, claims from contracting parties are more likely to occur.

Of course, a limited liability clause is only as helpful as its ability to be enforced. That’s why the way the contract is drafted is key and increases the likelihood that it can be enforced if needed. Here are some drafting tips to keep in mind:

  • Use clear and concise language: It’s important to ensure that the clause is unambiguous as it relates to the contract as a whole, so no questions arise in the future.
  • Make sure the clause stands out and is conspicuous: It’s as easy as using bold face print or underlining the text in order to set the clause apart and make the other party aware of its existence. Some parties even choose to handwrite the dollar amount of the limit and both parties initial the clause to ensure that they’ve read and agreed upon the terms.
  • Negotiate the clause: Discuss the clause with the party that is signing the agreement and make sure there are no questions or problems that need to be negotiated. Also, be sure to keep notes, drafts, and copies in order to confirm the clause was discussed.

A limited liability clause may not be attainable in every client contract for varying reasons, but negotiating one is always a worthy goal. A limited liability clause is usually considered mandatory for high-risk projects or those performed for very low fees. Limitation of liability clause wording can be obtained from legal counsel.