Is coverage for violations of privacy laws and regulations readily available? The current marketplace does offer a variety of options when it comes to purchasing data privacy and security protections. So, while you may easily find third party identity theft and security breach protections for your clients, coverage for privacy regulatory-imposed civil fines or penalties can be more difficult to secure. And if you do find it, it may only be available via endorsement.
If your client does experience a security breach resulting in the misuse of private consumer information, it’s possible a regulatory fine or penalty could be imposed. For example, ChoicePoint, which experienced a security breach affecting 163,000 of its customer records, settled with the FTC in the amount of $10 Million for civil penalties arising from its violations of the Fair Credit Reporting Act. Unfortunately, not all markets with privacy/security coverage offerings, would deem this type of penalty insurable. Defense coverage for regulatory actions may be available but the coverage provider may consider it against public policy to provide protection for the civil penalty itself. Or the coverage provider may not be comfortable with the exposure.
It may be interesting to draw a comparison between not covering privacy law/regulatory violations and not covering punitive damages. Punitive damages coverage is widely available, subject to each state’s laws for insurability. While coverage for privacy/regulatory violations is currently not as widespread, it seems possible that more markets could get comfortable with covering it, just as they have become comfortable with offering punitive damages protection. For more on privacy concerns, visit the privacy section of our blog.