12A — October 10 - 23, 2014 — M id A tlantic

Real Estate Journal


I nsurance /T itle

By Neil A. Owens, Elias B. Cohen & Associates New exposures require another review of insurance program design


y now, almost every- one has experienced or at least heard of a

Simultaneously, most insur- ance programs have NOT been designed to account for the expenses and liabilities a busi- ness may incur due to a data breach. Solutions exist to not only manage the risks of a data breach but also transfer the cost of such risk to an insur- ance company for a relatively low cost. For the real estate industry, whether an owner, a manager, or a vendor care- ful consideration should be given to the benefits of a Data Breach Expense & Privacy Li- ability insurance policy. The essence of a data breach

involves loss of Personal Iden- tifiable Information (PII) from a holder of that information. PII can include a variety of information data points in- cluding name, address, social security, credit card, email, driver’s license, date of birth, phone, etc. Most regulations are state specific so the re- quirements are likely to vary from state to state. With the usage of internet based data- base systems to manage the real estate industry, the risks of a data breach have multi- plied. The risk of a bad actor, either internal or external,

represents the largest risks of a data breach. Hacking, malware, or a rogue employees cause the majority of all data breaches. Also, an error in network management could also leave a database exposed, but this is usually in conjunc- tion with some malware or other information gathering software. Although most database systems and merchant pro- cessing systems are designed to be secure and perhaps compliant with Payment Card Industry (PCI), the reality is that most consumers are

signing agreements with data- base and merchant processing vendors that specifically make the consumer responsible for breaches that take place on the consumer’s network, database, or office. As a first step towards risk manage- ment, it would be advisable to review these agreements carefully and request that any indemnification in favor of the provider be removed. As a practical matter, it may not be easy or possible to get these boilerplate agreements modified and hence, the tre- mendous exposure is being accepted. Fortunately, another method to manage these risks is through the use of an insur- ance policy. Most insurance programs have been designed with the basics in mind, and 20 years ago, no one would have even suggested a Data Breach Ex- pense & Privacy Liability insurance policy. In the event of a data breach, business or holders of (PII) must provide notice to affected individuals and in most instances credit monitoring as well. Further- more, in order to comply with the regulatory requirements and mitigate potential liabil- ity, it would be necessary to retain a data breach coach and conduct a forensic inves- tigation of the data breach. The costs to do so can easily be $250,000 or more even if the breach involves less than 20,000 breached individuals. (For businesses that gather less data, the cost may be less but the rate may be higher) Most Data Breach Expense insurance policies include coverage for these “first party” expenses that a business may incur. The expense coverage may be a sublimit on the policy, and careful attention should be given to the amount of expense coverage in relation to the number of individuals on which a business stores data; for example, the number of tenant applicants. Furthermore, after a breach takes place the individuals are notified, it is quite possible that a lawsuit could result from the breached parties. At times, even when little or no damages result, class action lawsuits against the holder of the breached information can be the result. Defending such lawsuits can be very expen- sive. While a typical Privacy continued to page 15A

data breach. As individu- al s we are t a u g h t t o monitor our a c c o u n t s r e g u l a r l y and consider credit moni- toring servic-

Neil A. Owens

es or expense coverage under a personal insurance policy. As a business owner; however, the exposure to a data breach can be much more expensive.

$1,160,000 Our Safety Group members saved over in the last 6 years on Workers Comp costs. How much did you save? Significant discount upfront on Workers Comp! Declared dividends four years in a row!*

For further details on how to gain the rewards of participating in the new Professional Real Estate Owners and Managers Association Inc. Safety Group #204, please contact: Neil Owens, CIC, Esq. Safety Group Administrator neil_owens@cohenins.com Tel: 973-403-9500 • 800-277-9505 Fax: 973-403-7755

Savings off the cost of Workers Comp coverage are now possible for eligible members of the NJAA who join our unique Workers Compensation Safety Group. Participation also offers these advantages: • Up front discount – most other carriers have reduced or eliminated managed care credits • Potential dividend based on experience of this large group

– 4 year average of declared dividends is 9.75%* • Easier audit process due to calendar year policy • Customized risk management with the insight of E. B. Cohen experts

Insurance Agents Brokers, Consultants & Risk Managers for the Real Estate Industry

* Past performance is no guarantee of future results. 2013 to be declared December 2014.

101 Eisenhower Parkway, Roseland, NJ 07068 • www.cohenins.com

Made with FlippingBook - professional solution for displaying marketing and sales documents online