Canadian Underwriter

The Privacy, Pricing and Policy Predicament

January 20, 2011   by Suzanne Sharma

Print this page

Defamation, privacy and legal jurisdiction were among the hot topics discussed at the Social Media: Risks are Interconnected town hall event held on October 7, 2010, at the offices of Rogers Communications in Toronto.

The morning workshop was co-hosted by Chubb Insurance Company of Canada and Canadian Insurance Top Broker magazine, and featured P&C experts who revealed that while the insurance industry commends itself on being ahead of the curve, it still has a lot to learn where social media is concerned.

Alison Woodbury Media defence lawyer

Web 2.0: Beyond defamation and privacy
Social media is still a fairly new phenomenon, and many people are just beginning to use it in the business world. As such, the legal issues around it are uncertain and may not be settled for years to come.

“The fact of the matter is we don’t know how the courts will react in regard to Web 2.0 (social networking sites, blogs), but we do know how they’ve dealt with predecessor Web 1.0 (websites, email),” said Alison Woodbury, media defence lawyer.

The main issues that courts have dealt with to date are the increasing speed and ease of content acquisition and use, the loss of control over content, and the fact that technology allows quick reaction and remediation of the liabilities resulting from these issues, according to Woodbury.

Specifically, one of the greatest concerns is the injury to someone’s reputation, or defamation. If you publish something that insults someone else, you will be held responsible–whether or not you meant it. This holds true even if you post a link that is defamatory on your website or forward a link in an email and invite others to click on it, said Woodbury. Also, if there is a comments section on your website and a third party posts a defamatory statement, you may also be held responsible as a publisher.

She suggested the best way to rectify this is to remove the comment.

“You can analyze and put it back up if you choose to afterwards,” she said. “And do you apologize? If you do, it can help mitigate the damages. If you don’t, it will certainly aggravate them. But if you do apologize, do it properly because a poor apology will also aggravate damages. Courts are taking Internet defamation just as serious as traditional media publication.”

Another important issue with Web 2.0 is privacy. An example of a privacy breach is if an employee publishes confidential company data (whether knowingly or by accident) on social media websites such as Facebook or Twitter.

Security breaches are beginning to occur on a daily basis in North America. In the US, for instance, publishing credit card numbers online is a growing concern. According to the Ponemon Institute, this type of data breach can cost an average US$204 per record, noted Matthew Davies, senior underwriting specialist at Chubb Insurance Company of Canada.

“That’s only the hard costs,” said Davies. “It doesn’t include the time-consuming ones, [such as] the forensic investigation, or the loss of clients if your reputation is damaged.”

While privacy breaches can cause insurmountable financial and reputational damage to a business, almost half of Canadian companies are not concerned about it, said Greg Shields, partner at Mitchell Sandham Group, Corporate Risk Management. He noted that, according to the Officer of the Privacy Commissioner of Canada, 68% of Canadian companies do collect private information, and only 12% think their company is taking privacy protection seriously.

Additionally, each of these risks is heightened because cyber space knows no boundaries. What is legal in one country may or may not be in another.

“Jurisdiction is destroyed in terms of every expectation you have,” said Davies. “If you publish something in Canada and it’s downloaded in France, and someone has a problem with it there, that’s where you may face the music.”

Industry struggles to catch up
The difficulty with the insurance industry is that it takes years to build a product that works and only weeks for it to become out of date, according to Davies.

He added the biggest dilemma for underwriters is that there is no central reporting system.

“You’d like to think we’re sophisticated enough to track casualty and property losses in such a way that actuaries can pull information,” said Davies. “For example, that there’s a difference between frequency of slip and fall in a gravel parking lot versus a paved parking lot . . . we don’t have that information.”

Matthew Davies (left) senior underwriter with Chubb, and Don Huff, vice president of enterprise risk management for Rogers Communications.

Accident benefits and auto insurance are the only areas that underwriters report to the Insurance Bureau of Canada.

“We aren’t collecting the granular data in terms of where losses arising out of the Internet are currently being paid,” he stated. “It’s a question of under what line of coverage are they being paid? How are we capturing that information in order to better understand our exposures, and how to express the risk mitigation that an underwriter wants to put in place?”

Because Internet claims aren’t being accurately reported, pricing becomes a problem.

“To price and predict [rates], you need to have [thousands of] fully developed and closed claims in a similar area,” said Davies. “If we’re not tracking the information in the world of Web 2.0, pricing is out of the air.”

Lastly, he warned brokers and their clients that there are plenty of coverages, but none of them cover the whole spectrum, including cyber liability.

“The solution for the industry is coming up with either a new product, or tacking on an endorsement to an existing coverage,” he said. “But be careful what you sell, because you may be selling nothing.”

Don Huff, vice president enterprise risk management at Rogers Communications Inc. added that while there are many risks in social media, the success of any risk management program starts at the top with the executives. Next is education through town halls, team meetings, and ensuring staff is aware of their role. Also, a company should proactively manage and monitor their brand on social media websites.

Tips for Brokers

Brokers must identify social media exposures to help mitigate risks for their clients, according to Greg Shields, partner at Mitchell Sandham Group, Corporate Risk Management.

Greg Shields Mitchell Sandham Group

“I use their application as a risk identification model. So when we bridge to the insurance topic with the client, they’ve already answered questions and they didn’t even know it — and have already started their loss control and risk management.”

Other advice from Shields included:

  •  Review the risk transfer contracts, and insurance or contractual agreements from all third-party vendors used by the client, such as general liability and E&O. Third-party risk management has a direct effect on structuring the client’s own insurance program. Next, review any existing or available insurance policy that the client already has.
  •  Provide a quotation in writing. Many clients are new buyers, so brokers must include the costs or anticipated costs of insurance in their budgeting. If the client doesn’t see the value of these products, they will reduce the quality of the insurance.
  •  Let clients know there is no regulation in pricing or standards so doing a side-by-side product comparison is impossible.

Copyright 2010 Rogers Publishing Ltd. This article first appeared in the November/December 2010 edition of Canadian Insurance Top Broker magazine.

This story was originally published by Canadian Insurance Top Broker.