Special e-Delivery

Email privacy breaches can be costly for your insurance business. The dollar amounts of judgments and the impact of lost customers can combine for a devastating effect on your bottom line.

As regulatory requirements impose greater responsibility on business owners, privacy experts advise that everyone in a business environment understand the truth and consequences about email privacy.

Email Misconceptions

A poll of corporate chief information officers and others in information technology reveals these common email misconceptions:

‘Read’ receipts provide proof that an email was delivered.

• Not true. Although standard email programs offer this as an option, ‘read’ receipts do not hold any legal weight and can be easily forged or denied by the recipient.

‘Sent’ and ‘Archive’ folders store all messages and serve as further proof that email was delivered.

• Don’t believe it. Archived email may show what you sent. But it does not show what the recipient saw. Sent emails can also be edited/ modified and then stored as an archive file, which dismisses it as proof.

Printed email can be used as admissible evidence in a legal proceeding.

• Not a chance. Printed email is easily modified. It is usually deemed inadmissible due to questions about content authenticity, including sent time, delivery proof and message details.

Email is always delivered to its recipient unless the sender is otherwise notified.

• Wrong again. According to Ferris Research, 3% of non-bulk, business-to-business Internet email never gets delivered to its intended recipient. Given the proliferation of spam and blacklisting, some mail systems turn off bounce notices, meaning the sender is not aware of non-delivery.

The Rules

Canada’s Personal Information Protection and Electronics Document Act (PIPEDA) governs business practices for the collection, use and sharing of client data. The act was established in 2000 solely for federally regulated industries. Since 2004, it applies to any organization involved in commercial activity.

Under PIPEDA, agents and brokers have a responsibility to protect their clients’ information. Except for British Columbia, Quebec and Alberta, all Canadian provinces must obey PIPEDA.

The exempt provinces have privacy laws deemed ‘similar enough’ to the federal regulations.

The basic provisions of PIPEDA and provincial acts include:
• receiving permission to gather any initial
personal information from your clients to conduct business;
• making your clients aware of why, how and by whom the information will be used;
• notifying and receiving additional consent from a client if the information will be used for other reasons; and
• providing the client access to its information for modification.

The Risks

Although these provisions sound pretty standard, they carry a lot of weight. A client consenting to provide personal information means the client trusts and relies on your organization to protect that information. In the instance of a privacy breach – including theft, data loss, access denial or wrongful use – the Office of the Privacy Commissioner of Canada or the provincial office serves as a mediator to resolve the issue. Cases can easily be escalated to court action and result in errors and omissions losses. Complaints are escalated to PIPEDA if there is a question about territory lines.

Another significant concern: insurance carriers are uneasy, to say the least, about brokers sending confidential client information via the Internet. Just look at the privacy sections on your carriers’ Web sites. These companies understand the consequences of a security breach, and they feel strongly that your business should align with their own efforts.

What you should do

To avoid legal culpability and to provide care and professional services to clients, insurance businesses must control and prevent risk by introducing information protection standards and tools. This can include storage solutions and data backups to avoid theft and loss. Among the most important and effective tools is a registered email service to reduce the risk of data loss and privacy breach. One insurance professional said sending email without registered protection is like sending a postcard written in pencil.

Registered email services focus on providing email proof and information protection via a paperless approach. RPost Registered Email (www.rpost.com), for instance, specializes in delivering legal email proof of time/date, receipt and content along with email encryption for data protection and authenticated archiving services. Using this type of service, you can always prove who emailed what to whom and when.

Insurance brokers use RPost’s services for business correspondence such as client and carrier/broker communications, post-placement administrative correspondence, binding coverage, verifying strategic conversations, terms and conditions, changes in coverage and more.

The core of a registered email service is to generate legally verifiable and court-admissible evidence that email correspondence was generated from a sender’s desktop email or directly from an application. The sender has proof of delivery, content and timing of any document or notice sent by email, without requiring any clicked links or special action from a recipient.

Technology and the Web continue to furnish an environment that at once offers opportunity and peril. You are advised and encouraged to devise an action plan to avoid accidental or intentional breaches that result in violating your clients’ privacy and your business integrity.