What to look for in an information technology policy
The IT sector is predominantly composed of small companies and to a lesser extent large well-established companies with global reach. Information technology covers a broad spectrum of services, including website developers, software developers, application service providers, network administrators, security consultants, and computer system consultants, just to name a few. All have inherent exposure to risk and as such are subject to potential financial liabilities. Generally, an IT claim arises from a financial loss incurred by the client and in many cases the settlement exceeds the value of the work. IT claims are particularly expensive to defend due to the technological aspect and the need for experienced counsel and experts.
Below is an example of an IT Errors & Omissions claim where the lack of cooperation and miscommunication subsequently resulted in litigation.
IT Company entered into an agreement with Client to lease and provide training of their proprietary human resources software. IT Company experienced problems from the start of the project as Client’s human resources’ department chose this software against the recommendation of its own IT department. Client was to supply a personnel database to the IT Company within a specific period. Delivery of the database was several months late, which seriously affected the overall timeline of the project. In addition, Client continuously requested modifications outside the scope of the agreement thereby leading to strained relations between the two parties. Client put IT Company on notice to remedy all problems within 30 days or they would terminate the contract. IT Company requested full cooperation in order to deliver the final product and demanded payment of all outstanding invoices. IT Company felt that the Client was responsible for all of the delays in the project. As such, Client was no longer prepared to maintain the relationship and demanded reimbursement of all monies paid. Client initiated litigation not only for the refund of all monies, but also for additional costs incurred to revert to their previous human resources system. This claim has been ongoing for three years and has been very distracting to the management and operations of the IT Company. Legal costs have since been accumulating and without insurance, they would be at risk of incurring a considerable financial burden.
In addition to financial loss claims, IT professionals may also be exposed to intellectual property-type claims for media exposures. These include infringement of copyright or trademark, invasion of privacy, plagiarism, piracy or misappropriation of ideas or trade secrets, infringement of trade dress, domain name, title or slogan, dilution or infringement of trademark or service mark.
Examples of copyright infringement claims can vary from allegations of unlawfully posting a third party image on a website without a license to do so, allegations that a design of a video game character resembles a competitor’s video game figure, or using a celebrity’s name to endorse a product without their permission.
As for trade secrets, a typical claim may occur when companies hire employees from a competitor who subsequently alleges that their trade secrets are being disclosed or used. These types of claims are generally complex, lengthy and costly. While this is an exposure for many businesses, the IT sector is particularly susceptible to this due to the specialized knowledge that IT employees possess.
As can be seen from the above claims examples, IT professionals face several types of liability exposures. Therefore, securing the proper insurance to meet their needs is of the utmost importance. In fact, our experience shows that legal costs can generate up to 50% of the overall claim costs.
Professional liability policies are written on a claims-made basis. This means that the policy will respond to claims or incidents made or occurring during the policy period. In other words, the policy must be in force to report a claim or an incident.
Below are some key coverage features that should be included in an IT E&O policy.
Professional Liability: The IT E&O policy should extend professional liability coverage to include IT and non-IT related services. No two businesses are alike. IT companies may provide services that are non-IT related such as marketing services, call centre operations or general business consulting. By having the broad definition of Professional Liability, this eliminates the need to purchase multiple policies.
Products Liability: An IT E&O policy should include products liability coverage for the manufacturing, development or distribution of technology products such as computer or telecommunications hardware or software product, or related electronic product that is created, manufactured or developed for others or distributed licensed, leased or sold to others including software updates, service packs and other maintenance releases.
Computer Network Security: Ensure that computer network security coverage is included for the failure to prevent unauthorized access to computer systems that result in the destruction, deletion or corruption of electronic data on computer systems, theft of data from computer systems or denial of service attacks against Internet sites or computers.
Multimedia and Advertising: Finally, confirm that multimedia and advertising coverage for the rendering of media activities includes cover for defamation, libel slander, products disparagement, invasion of privacy, misappropriation of any name or likeness, trade secret or ideas, plagiarism, piracy, infringement of copyright, trade dress, domain name, title, slogan, and negligence regarding the content of any media communication.
Given the global nature of the Internet, insist that the policy offers worldwide coverage and does not limit the jurisdiction to Canada or the United States of America.
Confirm that policies extend coverage to sub-consultants, as many small IT companies subcontract work to individual service providers and other small firms in order to leverage their in-house capabilities without adding extra overhead. If the sub-consultant does not carry insurance, it is important that IT companies have protection for the acts of their sub-consultants.
Ensure that the policy includes coverage for bodily injury and property damage resulting from professional services to address the absence of this coverage found in most CGL policies. In fact, to avoid any gaps in coverage between the CGL and E&O policies, it is best practice to have both policies written by the same insurer.
Most E&O policies include a contractual exclusion unless the IT company would have been liable in the absence of a contract or agreement. However, the lack of standard limitation of liability clauses in the IT company contracts should not negatively affect coverage. Sample contracts are reviewed at the time of underwriting and if there are any concerns they should be addressed prior to binding and not at the time of a claim.
Punitive damages, particularly in the US, can be catastrophic to the financial well being of a company. Confirm that the IT E&O policy provides coverage to the fullest extent permitted by law.
Most E&O policies include a criminal, dishonest, fraudulent or malicious acts exclusion. However, policies may extend cover to innocent insureds who were not directly involved in any of alleged acts.
The insurance contract should include coverage for an optional reporting period to cover claims reported after the end of the policy period for incidents that occurred before the expiry date. Companies would typically purchase this when ceasing operations or when being acquired by another company. These generally range from one to five years and are subject to an additional premium.
Currently there are many IT insurance products in the Canadian marketplace. In a soft market, the pricing is very competitive. However, the lowest price is not always the best solution for the customer.
Due to the highly technical nature of the IT business and its potential resulting exposures, a well-designed product from a specialized market is necessary to eliminate any looming doubt about inadequate protection. No one expects or wants to be involved in a lawsuit. A uniquely crafted insurance policy can provide peace of mind in time of need.
Anne Coppens is the president of Creechurch International Underwriters.