The FTC has sent letters to about 100 organizations warning them that the private data of their customers and/or employees is available on peer-to-peer file sharing networks. The letters recommend that the organizations consider notifying the individuals whose private data is exposed as well as point out that state and federal laws or guidelines may be applicable. According to the FTC press release, receiving a letter does not necessarily indicate that an organization has violated a law enforced by the FTC but in one of the sample letters posted online, the commission does reserve its rights.
We’ve previously discussed some insurance options available for privacy regulatory-imposed civil fines or penalties but one of the elements of privacy coverage that can vary greatly among professional liability insurers is the approach on limits. When evaluating coverage consider if the full policy limit applies to the privacy protections or if it is sublimited. Notification and crisis management expenses coverage provisions often have special limit applications but approaches vary. Also, check to see if the policy retention applies to these coverages. For additional info, review the privacy section of our blog.