3. THE NUMBERS THE SITES
500,000,000 +
100,000,000 +
50,000,000
500,000,000
Facebook Users in 2010
Facebook Mobile Device
Application Users
Twitter “Tweets” per day
Minutes per month spent
on Facebook
4. Security Claims Failure of network and information security
Privacy Claims Failure to protect private or confidential information
Media/Content Claims False advertisement, false endorsement and
disparate access to information
Intellectual Property
Claims
Infringement of trademark, copyright and trade
secret information
Employment Claims Breach of employee privacy, failure to protect
employees from online harassment, use of web-
based research in employment decisions and
libel/slander/disparagement
Professional Liability
Claims
Breach of ethical duties and professional standards
(esp. for lawyers, securities brokers, directors and
officers)
5. Duty to protect private and confidential
information
Breach of security or disclosure of this type of
information costly
Research to determine the scope of breach
Notice to affected parties
Suits and damages for actual injuries
6. Highly regulated:
Federal regulation and guidelines
Lanham Act
State consumer protection laws
Three general issues:
False or unsubstantiated advertising
False, misleading or unauthorized endorsements
Disparate access to information
7. Breach of another’s protected IP
Another’s breach of your protected IP
Employee disclosure of confidential and
proprietary information
9. 74% of managers believe that SNS put their
company’s reputations at risk.
Potential Claims or Issues
Defamation Claims for Statements Made Online
Admissions Against Interest in Litigation
Providing “Free” Discovery to Opposing Counsel
Breach of Employee Privacy by Employers Accessing SNS Sites
Violation of Non-Competes through Job or Customer Searches
Employee Discrimination and Harassment Claims
Defamatory Statements made about Employer by Employees
10. Breach of ethical duties
For lawyers: unauthorized advertisement; ex
parte communications with court; and disclosure
of confidential information
For securities brokers: misrepresentations in sell
of securities and disclosure of confidential
information
Breach of professional standards
Mismanagement and self dealing of directors and
officers
11. As the means by which we communicate
change, old risks evolve and new risks
emerge
Brokers :: insurance industry trying to
respond to the risk, but has not caught up
Gaps in coverage, ambiguities in terminology
create challenges for insureds who want to
ensure that they have covered their modern-
day risks and liabilities
12. Social media exposures cut across multiple
policies, depending on the exposure issue:
Cyber liability (privacy and data security)
Defamation, libel or slander
Copyright infringement – consider Facebook
Media / content liability
Employment issues
Professional liability
13. 1st Party Coverage 3rd Party Coverage
Direct loss to business from
injury to electronic data or
systems
Liability to others for financial losses
resulting from internet or other
electronic activities
Business interruption
Notification costs
Crisis management expenses
Data restoration
Extortion payments
Credit monitoring
Theft of company data &
intangible property
Forensic costs/expenses
Network security breaches (e.g., failing
to detect and prevent transmission of a
virus to third parties)
Privacy violations (e.g., flaw in IT system
gives hackers access to patient
information)
Media and content practices (e.g.,
liability for deceptive and misleading
advertisements on website)
14. No standardized policy terms … yet
Coverage often (always?) applies only to
protected data (e.g., Social Security number
or confidential health data) – does not extend
toTwitter, Facebook and other social media
sites (which do not gather protected info)
Ambiguity
What = private?
Terminology not uniform
15. Example: The Hartford launched CyberChoice 2.0 in
2008, describing the policy as a combination of
E&O and first-party coverage
Third-party liability coverage for data privacy and network
security liability; Internet and electronic media liability;
professional services liability
First-party coverage for business interruption; cyber
extortion coverage for threats against data and identity
theft
IP coverage for advertising and tech products
Reimbursement of expenses in event of breach ::
notification costs, crisis management, fines, credit
monitoring, experts
16. Cyber liability coverage designed to address risks
associated with storing electronic data via web-based
communities
CGL coverage limited to BI, PD, PI & AI
No coverage for identity theft, damage to intangible
property
May provide coverage for invasion of privacy
Coverage for cyber-specific remedies
Notification costs
Fines & penalties
Crisis management (might be covered by endorsement)
17. Example: Electronic data liability
endorsement on CGL policy (2001 form)
Modifies definition of “advertisement” to include
“notices placed on the Internet or on similar
means of electronic communication”
Regarding websites, only that part of insured’s
website about its goods and services =
advertisement
Coverage territory = “all other parts of the world”
if personal injury through Internet
18. CGL policies issued
after 2001 may cover
“personal injury” and
“advertising injury”
(also “personal and
advertising injury”)
Defined terms are
important – scope of PI
and AI can differ
19. Personal Injury
Defamation, libel &
slander
Misappropriation of
likeness, false light
Invasion of privacy,
unreasonably publicity
Advertising Injury
Misappropriation of
ideas, plagiarism,
infringement of
copyright, title or slogan,
piracy
Defamation, libel &
slander
20. 2005 form – amending
personal injury and
advertising injury
coverage
“Coverage territory”
defined to include other
parts of the world if
injury takes place online
21. Personal & Advertising Injury Exclusions
Knowing violations of rights of another
Material published with knowledge of falsity
Insureds in media or internet businesses (e.g.,
internet search, access, content or service
provider)
Electronic chatrooms or bulletin boards
22. Early libel case (filed in 2009)
involving tweets and MySpace
posts
Following an escalating dispute, a
fashion designer accused Love of
posting “false and malicious”
statements about her
The designer sued Love in
conjunction with the online rant;
Love settled for $430K in March
2011
23. CGL policy – by
endorsement, no
coverage for
“unsolicited
communications” –
facsimile, e-mail,
posted mail (i.e., snail
mail) or telephone
24. Post-2001 CGL may cover copyright
infringement “in your advertisement” – may
expressly extend to web-based marketing /
advertisements
Professional liability for architects &
engineers may cover copyright infringement,
piracy, plagiarism, misappropriation of ideas
in rendition of professional services
Non-professional services, non-advertising IP
claims may not trigger coverage
25. Employment Liability
Does social media present an enhanced risk?
Sexual harassment :: EPL coverage
Hostile environment :: EPL coverage
Importance of social media & electronic device
policies and procedures
Employer Liability
Ensure the policies extend coverage to employees
26. E&O for a tech company may look a lot like
cyber liability
PL or E&O for everyone else is going to be
limited to wrongful acts in the rendition of
professional services
Does this cover marketing activities regulated by
the state bar? How about unauthorized practice
of law issues – perhaps arising from answering a
question posed by someone in another
jurisdiction on AVVO?
Ethical issues
27. This architects & engineers
PL policy excluded coverage
for
“copyright infringement” –
but by endorsement added
coverage for plagiarism,
piracy or misappropriation of
ideas under implied contract
Insurer covered lawsuit
against architect alleging
copyright infringement
28. CGL policy issued to a
tech company – by
endorsement, no
coverage for computer
software errors and
omissions
Acts, errors or omissions in
design, licensing, selling,
etc.
Actual or alleged
unauthorized duplication
or unauthorized use
29. Social media policy
Training and monitoring on appropriate social
media use
Educate the C-suite
Data breach incident response plan
Firewalls? Block social media use during
business hours?
30. Are underwriters, brokers & insureds using the
same words to convey the same concepts
Answer: No.
Part of the challenge is the new, increasingly
global economy, which stems in part from global
access via the web. Exposures differ from
country to country – in the UK, privacy is
protected; in the US, the right to privacy is more
limited.
R U covered? According to brokers, the
insurance industry hasn’t caught up with the
risks.