Dig a Little Deeper
By Bruce Hicks, CPCU, CLU
FINGERPRINT FRACAS
What happens when customers learn that their private information has been shared with a third party?
The Court Decisions column is a popular feature in Rough Notes magazine, in part because the courtroom is where the promises made in an insurance contract often become real. All insurance professionals can develop “what if” scenarios, but until those scenarios are tested with an actual loss and a court decision, they remain mental exercises. This column comes from the industry expert editors of Policy Forms & Manual Analysis (PF&M). This is a knowledge base consisting of more than 15,000 pages of coverage explanations from Rough Notes Company’s digital solutions. The editors are going to dig a little deeper into one of those court decisions to identify a coverage problem, provide possible solutions or offer broader perspectives.
The case featured here, West Bend Mutual Insurance Company v. Krishna Schaumburg Tan, Inc., calls to question how well the needs of the insured operations were met. A business at the time of the loss was covered by a business liability policy. Specifically, a tanning salon was sued by customers accusing it of invading their privacy rights. As part of the salon’s membership, it collected fingerprints as well as other information from clients. The lawsuits arose when customers became aware that the information was shared with a third party.
What happens when customers learn that their private information has been shared with a third party?
The salon’s insurer denied it had an obligation to defend the salon. It relied on its policy language, which made reference to statutes involving communications, in an exclusion related to losses arising out of emails, faxes, and similar communications. The litigation was eventually resolved in favor of the aggrieved customers after an initial hearing and two levels of appeals.
The courts ruled that neither the statutes nor the policy exclusions applied to the harm arising out of sharing biometric information with others. In this case, the incident involved a violation of privacy rights with the insurer having to respond to a personal/advertising injury exposure.
So, there are issues that caused a dispute and a misunderstanding among all of the relevant parties.
Ideally an insurance policy, together with all endorsements and exclusions, is supposed to accurately reflect the exposure an insurer intends to cover at a price that matches the accepted risk. The insured business has the expectation that the coverage it has purchased includes protection against its known vulnerabilities to loss that arise out of its operations. The aggrieved parties held the expectation that a source of coverage was available to respond to the harm they alleged being committed by the business.
Increasingly, more sophisticated technology is being used by businesses in their operations. Collection, storage and use of customer data are at the forefront of consumer concerns. Private information is commonly shared between businesses, which creates more chances of loss related to the data being misused or accessed by unauthorized parties.
The onus is upon the parties to be more transparent.
Insurers wishing to manage the scope of risks they accept have to be more vigilant regarding their intent. As experts in recognizing risk and how the risk environment is changed by technology, insurers have to be more cognizant of a need to be clearer on how their various products respond to loss exposures. If unsure of the adequacy of policy and forms language, greater care must be taken when gathering information and evaluating submissions.
Personally identifiable information has long held the status of being a business asset, a source of generating revenue and an attractive target of criminals as well as valuable to other businesses seeking to create their own revenue opportunities.
Insurance professionals cannot serve their clients or their own interests if they don’t gather sufficient information to evaluate the exposures represented by a prospective client/policyholder. Applications, surveys, and underwriting must, on an ongoing basis, be developed and improved. If efforts and processes are not rigorous and consistent, an insurer will not secure business that matches its risk appetites, pricing, and underwriting objectives.
The author
Bruce D. Hicks, CPCU, CLU, is senior vice president, Technical & Educational Products Division, at The Rough Notes Company, Inc.. He has more than 30 years of property/casualty insurance experience, including personal and small business underwriting as well as compliance duties for several national and regional insurers. Active in the CPCU Society, Bruce served as a governor of the organization from 2007 through 2010 and currently serves on its International Interest Group Committee.