Emerging Exposures NOT Insured by SC Insurance Reserve Fund - PowerPoint PPT Presentation

About This Presentation

Title:

Emerging Exposures NOT Insured by SC Insurance Reserve Fund

Description:

Title: EMPLOYMENT PRACTICE LIABILITY in the UNITED STATES Author: Yacira Valdez Last modified by: william hall Created Date: 6/9/2000 6:30:13 PM Document presentation ... – PowerPoint PPT presentation

Number of Views:174

Avg rating:3.0/5.0

Slides: 28

Provided by: Yac97

Learn more at: https://gfoasc.org

Category:

more less

Transcript and Presenter's Notes

Title: Emerging Exposures NOT Insured by SC Insurance Reserve Fund

1
Emerging Exposures NOT Insured bySC Insurance
Reserve Fund
2015 GFOASC Fall Conference Myrtle Beach, S.C.
March 15, 2015
Presented by Greg Jones Senior Vice
President Wells Fargo Insurance
Services 843-573-3560 Direct Greg.A.Jones_at_WellsFar
go.com
2
AGENDA

Introduction
Basic Coverages from IRF
Changing Legal Landscape
Emerging Exposures Insurance
Employment Practices Liability example
Available insurance for uninsured exposures
Fiduciary
EPL Management liability
Pollution liability
Cyber Liability
Common gaps and gotchas
Q A

3
Introduction to SC IRF

Only state owned insurance company in US
Standardized forms in 1985/86
Limited Eligibility
Generally good, basic insurance coverage
Very limited flexibility
Not rated by AM Best
Now part of State Fiscal Accountability Authority

4
South Carolina Insurance Reserve Fund

Basic Coverages from IRF
Buildings personal property
Data processing equipment
Business Interruption/Extra Expense
Builders Risk
Inland Marine (floaters)
General Tort Liability (i.e. Commercial General
Liability)
Medical Professional Liability
Auto liability physical damage
School Activity Vehicle Coverage
Underground Storage Tank coverage
Prepaid legal

5
Changing LEGAL LANDSCAPE
6
Brief History of Employment Practices Liability

1991
Tailhook scandal
Clarence Thomas Hearings
1991 Civil Rights Act

7
LEGAL LANDSCAPE

STATUTORY BASIS (FEDERAL)
Title VII of the Civil Rights Act
race, gender, religion, national origin, etc.
Includes same sex harassment
Allows for Jury trial
Compensatory Punitive damages capped
Age Discrimination in Employment Act (ADEA)
Americans with Disability Act (ADA)
Family and Medical Leave Act (FMLA)
Pregnancy Discrimination Act
Equal Pay Act

COMMON LAW
Breach of Contract
Wrongful termination
Negligent and Intentional infliction of emotional
distress
Defamation
Invasion of Privacy
Negligent Hiring/Supervision
Misrepresentation

8
Common EPL claims
Wrongful Failure to Employ or Promote
Wrongful Dismissal, Discharge or Termination
Deprivation of Career Opportunity
Negligent Employee Evaluation
Breach of Employment Contract
Wrongful Discipline
Harassment
Failure to grant tenure
Racial, Gender, Age, National Origin, Religion,
Sexual Orientation, Pregnancy or Disability
Discrimination
Violation of Civil Rights
Client and Customer Claims for Discrimination and
Harassment
Employment Related Misrepresentation or Personal
Injury (libel / slander / defamation)
Retaliation
9
HISTORY OF EPLI

First Policy Created in 1985
Interest Grows in 1992
Current Environment
-Stand alone EPL
-Combination with DO/Management Liability
-Endorsement to Commercial General Liability

10
GAPS IN EPL COVERAGE

S.C. Insurance Reserve Fund
Tort Policy covers personal injury claims
Covers discrimination on basis of race, sex,
age, religion, or handicap
Excludes retaliation (1998)
Can purchase Pre-paid Legal Defense coverage

11
WHAT IS A CLAIM UNDER AN EPLI POLICY?

EPLI Polices are Claims-Made Policies. Claims
have to be reported as soon as practicable -
during the policy period.
CLAIM may be
Written demand for Monetary Damages
Administrative Charge - EEOC or similar state
agency charge of discrimination
A civil lawsuit
Demand for arbitration

12
COMMON EXCLUSIONS

Prior Notice
Pending Prior Litigation Date (includes
administrative charges)
Bodily Injury/Property Damage
OSHA/Workers Compensation
Disability/Unemployment Compensation
ERISA/Breach of Fiduciary
National Labor Relations Act
Fair Labor Standards Act/Similar State Wage
Hour Claims
Breach of Express Written Contract
Costs of Physical Modifications under ADA

13
WHAT ARE THE GOTCHAS?

Claims-made and Reported
-Need incident reporting
-Potential Issues at each renewal
-Very careful when changing insurers
-Notice/awareness provisions
Definition of employee
-Independent contractors?
-Leased/temporary employees?
-Volunteers?
Defense cost within limits
SIR vs. Deductible
Panel Counsel
Indemnity vs. duty to defend
Hammer clause
ERP or tail issues (mini tail)
Application a warranty?

14
Issues to Consider Prior to Purchasing an EPLI
Policy

Limits/Self Insured Retention
Broad Definition of Wrongful Employment Act
Punitive damages coverage
Option to select defense counsel
Third party coverage - Covers Claims brought by
vendors, clients, customers or other
non-employees
Amended Reporting Provision - Risk
Manager/General Counsel Human Resources mini
tail provision
Full prior acts coverage
Bordereaux Reporting
Risk management tools

15
Other Available Insurance

Coverages from Commercial Insurance
Fiduciary liability (ERISA 1974)
EPL Management Liability (1991 2000)
Pollution liability (1988-89)
Cyber Liability (2010)

16
Cyber Liability Insurance

Coverages Available
3rd Party Liability for Privacy breach, Network
Security, or Regulatory
1st Party Coverage for Privacy notification,
crisis management, credit monitoring and
forensics.
Other 1st Party Options cyber extortion,
business interruption, data restoration.
Limits Available-Two Approaches
One limit with fund sublimits
Number of Persons notification approach

17
Marketing Summary
CARRIER LIMIT OF LIABILITY RETENTION (Each Claim) ANNUAL PREMIUM
ACE USA (Indication Only) 3,000,000 5,000,000 250,000 250,000 85,000 - 105,000 115,000 - 135,000
Axis Insurance Co. (Non-admitted) 1,000,000 3,000,000 5,000,000 250,000 250,000 500,000 48,291 102,417 145,923
Chartis (Admitted) 1,000,000 3,000,000 5,000,000 150,000 / 250,000 150,000 / 250,000 250,000 / 250,000 46,601 78,000 122,000
Federal Insurance Co. (Chubb) No response as of 1/4/11 N/A N/A
Beazley (Non-admitted) 3,000,000 5,000,000 10,000,000 100,000 100,000 250,000 88,413 122,137 182,294
C.N.A (Non-admitted) 1,000,000 3,000,000 5,000,000 100,000 100,000 250,000 46,050 97,755 127,565
Zurich (Admitted) 1,000,000 3,000,000 5,000,000 250,000 250,000 500,000 43,433 65,877 91,645
18
Legal Issues The Regulatory Environment
Legislation has now imposed affirmative duties on
companies as to how they handle data, principally
client/customer information

Gramm Leach-Bliley Act Requires financial
institutions to safeguard customers records and
information against unauthorized access. Imposes
major privacy and security requirements on
financial services companies
Health Insurance Portability and Accountability
Act (HIPAA) Healthcare organizations required to
safeguard individually identifiable health
information. Imposes penalties on organizations
that violate HIPAA (further amended by the HITECH
Act)
California SB1386 A California law requiring
companies to notify their CA customers and
employees of computer security breaches. The law
applies to any business that stores customer and
employee information electronically even if the
company is not based in the Golden State.
Privacy Breach Notification Laws Spreading of
California SB 1386 adopted by 47 states as of
December 2010. Duty to notify customers where
consumer/customer information has been
compromised (electronic or non-electronic means,
state legislation varies)
Massachusetts Privacy Law 201 CMR 17.00 This
law is the first state law to require specific
technology when protecting personal information.
If you do business with residents in MA or have
employees that reside in MA, compliance is
mandatory by March 1, 2010.

19
Legal Issues and The Regulatory Environment

PCI Security Standards The standards globally
govern all merchants and organizations that
store, process or transmit cardholder data. PCI
security standards are technical and operational
requirements set by the Payment Card Industry
Security Standards Council (PCI fines not
generally covered under insurance policies).
FACTA (Fair and Accurate Credit Transactions
Act) Prohibits businesses from printing more
than 5 digits of any customers credit card
number or card expiration date on any receipt
issued at a point of sale. For machines in use
before 1/1/05, the merchant has 3 years to
comply. For machines in use after 1/1/05, the
merchant has one year to comply.
Red Flag Rules Established by FACTA, requires
financial institutions or creditors to develop
and implement an Identity Theft Prevention
Program in connection with both new and existing
accounts. The program must include reasonable
policies and procedures for detecting, preventing
and mitigating identity theft.
Federal HITECH Act health plans, health care
providers and health care clearinghouses (ie.
Covered entities), among other things, must
review and update their business associate
agreements, as well as their privacy and security
policies and procedures. Requires that any data
breach event exceeding 500 records be reported to
the Department of Health and Human Services.

20
What Should You Be Asking?

Have we analyzed our cyber liabilities?
What legal rules apply to the information we
maintain or that is kept by vendors, partners and
other third parties? The laws surrounding
breaches are complex.
Have we assessed our legal exposure to
governmental investigations?
Have we assessed our exposure to suits by our
customers, vendors or suppliers?
Have we protected our organization in contracts
with vendors?
What laws apply in different states and countries
in which we conduct business?
Do we have adequate staffing to reasonably
maintain and safeguard our important assets and
processes?
Have we prepared an incident response plan and
business continuity plan?
Do we have a documented, proactive crisis
communications plan?
It is critical to have a solid incident response
plan in place prior to any security or privacy
breach.

Questions supplied by the The Financial
Impact of Cyber Risk Publication American
National Standards Institute (ANSI) and Internet
Security Alliance.
21
Vendor Management Requirements

IT/Software Companies
Request Tech EO to include network
security/privacy coverage
Some Tech EO policies have security/privacy
exclusions
Other Business Services Payroll, Auditors
Request appropriate EO coverage to include
network security/privacy
Credit Card Processors/Acquiring Banks
Request Network Security/Privacy Coverage
Other Vendors that interact with your systems or
sensitive information, or handle information on
your behalf
Request Network Security/Privacy Coverage

22
What Can Be Covered Under a Network Security
Privacy Policy?

Breach of Security Your liability to third
parties arising out of a failure of your network
security that results in a computer attack. Such
failure can be caused by unauthorized access or
use, transmission of a computer virus or a denial
of service attack.
Invasion of Privacy Your liability arising from
disclosure and release of confidential or
personally identifiable information stored on
your computer system caused by a failure of your
network security.
Enterprise Privacy Your liability arising from
any breach of privacy including violations of
HIPAA, GLB or any state, federal or foreign
privacy protection law (including regulatory
defense expenses, notification expenses, credit
monitoring, crisis management expenses)
Identity Theft Your liability arising from theft
of personal information of your employees,
customers or clients.
Cyber Extortion Protection against threats or
demands made against you involving your computer
network.
Internet Media Defamation, Libel and
Slander/Personal Injury Liability arising out
of the content disseminated on your Internet
site includes intellectual property infringement
exposures
Business Interruption Business Interruption
losses sustained by you arising from the
interruption or suspension of your computer
network, due to failure of security (including
extra expenses)
Data Asset Coverage Information asset protection
for you for property losses involving data,
computer systems and information assets arising
from a computer attack.

23
Enterprise Privacy Coverage

Non-network Privacy Breaches What happens if a
breach, which exposes confidential information,
does not arise out of a failure of security of
your computer system? ie. paper, PDAs, lost
data tapes.
Accountability For Outside Vendors Your
liability arising from others working on your
behalf (those which you are legally responsible
for).
Employee Privacy Exposure What happens if a
breach causes your employees confidential
information to be compromised?
Regulatory Defense Expenses Defense costs
involved with a regulatory proceeding, a request
for information, demand, suit or civil
investigation by or on behalf of a government
agency arising from allegations of violation of a
privacy regulation (may include coverage for
fines penalties and related consumer redress
fund expenses)
Notification Expenses Costs to notify your
customers/clients of security or privacy
breaches. Most insurers will provide a sub-limit
of coverage to assist with these expenses.
Credit Monitoring Expenses Costs to provide your
customers/clients with credit monitoring services
as a result of privacy violation, if you have the
duty to provide.
Crisis Management Expenses Reasonable and
necessary expenses incurred by you and approved
by the Insurer in retaining the services of a
public relations firm, law firm for advertising
or related communications to assist with
mitigating harm to your reputation.

Regulatory Expenses, Notification Expenses,
Credit Monitoring and other Crisis Management
Expenses are generally offered on a sub-limited
basis and varies by carrier.
24
Common Features Gotchas of Additional Coverages