The first auto insurance policy was issued in the U.S. in 1898 and offered US$5,000 of liability coverage to Dr. Truman Martin of Buffalo, New York. As the Insurance Journal remarks, “Martin would likely have been more concerned with crashing into one of the country’s 18 million horses, rather than another of the 4,000 cars in the U.S.” Traveler’s Insurance took a bit of a risk, banking on auto technology making the horse obsolete. Today, insurance companies again find themselves entering a new era. Privacy concerns, like cars, are quickly becoming more numerous and are jamming our information highways. The threat of adverse events increases proportionately as well. Privacy insurance is, in many ways, in its infancy in Canada, but privacy is an issue that is only going to grow in importance.
How can insurance companies relate the pressing need for this coverage to their clients? The first, and best, step is to educate their customers – and themselves – about the risks and about what policies should address. While there is much to learn about privacy policies, here are five broad areas that are of concern for insurance companies:
- Privacy breaches and litigation do happen in Canada. Numerous breaches have occurred in Canada, and legal action is being taken against companies that have failed to safeguard private information. Honda Canada is just one example: a class action was launched seeking $200 million in damages after hackers accessed the personal information of 283,000 customers. Canada is not immune to this epidemic, nor are small and medium enterprises. SMEs, in fact, face the biggest exposure.
- Insurance policies need to have a first-party emergency response built-in. In many cases, policies are focused on third-party responses, or agreements to pay for damages. However, the major expense that businesses incur after a breach is in responding. From notifying affected parties to implementing credit monitoring, to retaining legal counsel to respond to the Privacy Commissioner’s investigation, this is a tremendous exposure for companies. Policies have to be developed to respond to this aspect of privacy breaches, and this need has to be communicated clearly to those seeking protection.
- The majority of privacy policies are not written in Canada. Policies are more apt to have been written either in the United States or London, but this can leave gaps in protection. Privacy legislation in Canada is unique, and policy wording needs to be tailored to the Canadian jurisdiction, with contemplation of data being transmitted around the world, and indeed exposures and litigation arising around the world. This is a very specialized area of insurance, and law, and insurance companies can benefit from advice and input in developing policies that respond to the uniquely Canadian environment.
- Privacy policies are new products. They are filling gaps between traditional products. Customers need expert advice in auditing their current coverage, determining what their needs are, and tailoring a program to fit those requirements. Privacy policies are not off-the-shelf solutions; they are not commoditized like many other insurance products. The insured needs to understand their unique needs, but it is also helpful for insurers to seek expert help in developing products that respond to these unique needs, thus providing value to their customers.
- Privacy insurance is a growing market. Protecting privacy is an ongoing concern for businesses; it also represents an opportunity for insurance companies to act as “early adopters” and begin building and offering comprehensive policies and programs for clients.
Insurance companies face a great challenge in navigating complex Canadian privacy legislation but also great opportunity in being among the first to offer truly effective, made in Canada protection for their clients. GSA offers the experience and specialized expertise insurance companies need to maximize this potential, while helping them in turn reduce their clients’ risks.