Tag Archives: liable

Why Every Small Business Partnership Needs a Buy-Sell Agreement

When most small business owners think about risk, they tend to consider the things that impact the physical security of the business (fire, flooding, wind damage, etc.) and the financial security of the business (receivables, demand, professional liability, etc.). Given the immediacy of these risks, it is easy to forget issues relating to business continuation. The reality is that if you buy a business or start one with a partner, you are both at risk for losing everything. Without a buy-sell agreement, Forbes warns you and your partner are facing a world of hurt from the financial and tax problems following “an owner’s death, incapacitation, divorce, bankruptcy, sale or retirement.”

What Is A Buy-Sell Agreement?

A typical buy-sell agreement will protect business owners in the event a co-owner wants out of the business voluntarily or otherwise. A partner may want to retire, to sell his/her shares, or to settle a divorce. On the other hand, the partner may die or become incapacitated and unable to participate. Once a buy-sell agreement sets up a price and terms for a buyout, you have assured the business’s continuation and seamless transition.

Benefits Of A Buy-Sell Agreement

There are several reasons to consider putting a buy-sell agreement in place:

  1. Protect the Business: You and your partner may agree on keeping an unwanted third party from acquiring the business. The contract facilitates a hassle-free shift in control or ownership; it can provide the protocol for fixing or calculating the buy-price to the selling partner or deceased owner’s interest; and it can assure the mandatory arbitration required to settle any arising disputes. Finally, it may define the rights of remaining owners to purchase the interest of the departing owner to resolve or avoid the disputes that often arise among family members.
  2. Structure Tax Treatment: A buy-sell agreement may be used to protect a company’s status as an S-corporation, professional LLC, or professional corporation. It may also be used to avoid the termination of the company’s status as a partnership for tax purposes. In addition, under the Internal Revenue Code, there are prohibited shareholders. If and when a share of the business is transferred to a prohibited shareholder, the company’s S election will be terminated and the IRS will tax the business as a C-corporation.
  3. Protect the Remaining Interests: Great peace of mind comes with certainty of the terms enabling you to purchase the departing partner’s interest through a predetermined long-term financing arrangement that allows, for example, payments to be made from the business’s cash flow according to specific formulas. This allows the current owners to fix the price and terms of purchase, thereby reducing or eliminating the personal conflicts that could otherwise arise.
  4. Protect the Withdrawing Partner: The buy-sell protects the deceased partner’s estate from negotiating price and share from a disadvantage. By requiring the surviving partner(s) to buy back the deceased’s interest, it provides a source of income for payment of estate taxes and forestalls disputes with surviving spouses and heirs. In another situation, the agreement guarantees the disabled or retired owner a needed source of cash or a lump sum that fits a financial plan with tax treatment favorable to the withdrawing partner.

Designing Buy-Sell Agreements

There are a variety of ways that a buy-sell agreement can be structured. Typical formats include:

  • A Cross Purchase Agreement works best with four or fewer partners. The owners each own life insurance policies on the lives of each of the others, and in the event one of them dies, the surviving owners use the proceeds of the life insurance policy to buy the deceased owner’s share of the business.
  • A Trusteed Cross-Purchase Agreement creates a revocable or irrevocable trust with a third party owner-administrator and fewer insurance policies. The agreement contractually obligates the trustee to buy the interest of the deceased or departing owner, and the departing owner (or the estate) to sell the interest to the trustee. When using life insurance, the owner(s) can be confident that some or all of the money needed to complete the purchase will be available at the death of an owner.
  • A Partnership Among Shareholders transfers the funding from life insurance policies into a partnership.

It is never wise to enter into a buy-sell agreement without professional advice and assistance. Before you and your partners hang out your “business open” sign, have your lawyers and insurance professionals design the plan that best serves all your interests.

Dave Perez is a risk advisor at Texas Associates Insurors and specializes in property and casualty risk assessments for business owners.


Traveling? Renting a Car? Should You Buy the Insurance? So Many Questions!

Renting a car can be a confusing process. The additional fees and services offered by car rental companies are often tacked on the bill followed by paragraphs of legalese. Supplemental liability insurance is one of these extra fees. While the name implies importance, it may be an unnecessary fee when renting a car. To determine whether you need supplemental liability insurance on your next car rental, start by assessing your current coverage.

What is Supplemental Liability Insurance (SLP)? 

Most states require that rental car companies provide drivers with minimum levels of liability insurance during the rental period. Supplemental insurance provides additional coverage above the state minimums, up to $1 million in liability protection.

For some drivers, this additional coverage is a great deal that can cover additional costs associated with an accident. For other drivers, this coverage is already included in other areas and duplicating this service through the rental company is a waste of money.

Using a Credit Card? 

Many credit card companies offer bonuses that customers are not using. Chargebacks and reward points are often scrutinized and compared when searching for a new credit card, but many cards also offer secondary rental insurance, which consumers fail to use.

The best way to determine whether your credit cards offer rental insurance is to read the terms of use or speak to customer service. Determine how long after an accident you have to file the claim. Most credit card companies offer drivers a 45-day window. If your credit card offers SLP, buying coverage from the rental car company is unnecessary.

Did You Call Your Insurer? 

Most drivers do not need supplemental liability insurance for the simple reason that they already have coverage under their current auto insurance. In addition to covering the driver while driving other people’s cars, rental cars are covered by basic auto insurance for the same deductible.

Don’t Want to File a Claim?

Even drivers who have primary automobile insurance may opt to use SLP to prevent their insurance rates from rising in the event of a rental car accident. Rental cars are notorious for being driven recklessly, and drivers with a lead foot or those who are particularly harsh on rentals may not want rising rates over a couple of scratches. In this case, SLP is a good way to prevent extravagant bills for car damage without affecting insurance rates.

Don’t Own a Car? 

While insured drivers may already carry supplemental liability insurance, drivers who do not own a car may find value in getting additional coverage during their rental period. Without the secondary coverage available from auto insurance, customers with expensive rental cars or valuable assets can protect their money by accepting the nominal daily charge for supplemental liability insurance.

If you’re a non-car owner that travels frequently, the fees associated with SLP can add up fast. Consider contacting an auto insurance company to ask about liability coverage for drivers who do not own a car. Most policies cost less than $300 a year and will provide adequate coverage in case of accident without the additional cost of supplemental liability insurance.

Supplemental liability insurance may not be a great deal, but for drivers with the right prerequisites, it can be a valuable addition to rental insurance. Being underinsured in an accident can have serious consequences. Make sure you understand your coverage before turning down supplemental insurance while renting a car.


Dog Bite Liability

According to the CDC, approximately 4.7 million people are bitten by dogs every year, and around 17 percent of those victims require medical care. Sadly, between 10 and 20 of these incidents eventually result in death.

To curb dog bites, some communities around the United States have banned certain breeds that are perceived to be more dangerous or have a track record of violence. These laws most commonly apply to pit bulls and rottweilers.

Homeowners and renters insurance policies typically cover dog bites. However, if you own a breed that has been historically violent, you may have to pay an increased premium (even if your dog has not displayed any violent behavior). If your dog has passed obedience school tests, you may qualify for a premium discount.

It is difficult to determine how a dog’s breed will predict its disposition, much like it is hard to predict how nature versus nurture plays a role in the development of a child. Watch your dog’s behavior closely and contact your veterinarian if your dog exhibits any of the following behaviors: growling, snapping, biting family members, aggression towards strangers or showing signs of extreme fear. Your vet can refer you to a veterinary behavior specialist. While the dog is going through treatment, be extra cautious while in public and consider placing a basket muzzle over the dog’s mouth.

No dog breed is guaranteed to be attack- or bite-free. Let Texas Associates Insurors educate you on your insurance needs to protect you from a costly dog bite lawsuit.


Safe Walking & Cycling

The weather outside has finally turned from frightful to delightful (if you like it hot!), and for millions of Americans that means it’s time to head outdoors for some fun in the sun. If you are hiking or biking on or near roads and sidewalks, keep these safety tips in mind.

When walking:

  • Always do so at marked crosswalks so cars are aware of your presence.
  • Make sure drivers know you are about to cross by making eye contact with them.
  • Don’t just look left and right—pay attention to cars that may be turning at intersections.
  • If you’re walking at night, wear bright or reflective clothing.

When riding a bike:

  • Always make sure you have enough room to avoid being sideswiped by nearby vehicles.
  • Use hand signals when turning or stopping so that drivers know what you are about to do.
  • Wear bright or reflective clothing so that you catch drivers’ attention and they know you are there.
  • Be attentive and slow down slightly when nearing intersections.

And as usual, when doing any kind of physical activity out of doors – DRINK LOTS OF WATER!


How Does Risk Management Create Value?

Risk management isn’t just a defensive tactic designed merely to keep something bad from happening. Effective risk management can also be constructive and encourage the creation of something positive. This positivity is a culture of value and self-awareness.

How to create value with risk management

Risk management doesn’t have to be a secondary addition to your business strategy; it can be incorporated into your overall business plan to give you direction and help you make the best decisions.

Balancing risk avoidance activities and responsibilities throughout the company makes it so that everyone is aware of what the risks are and how they are to approach them. Rather than a strategy dictated from up above, risk management becomes more of an open discussion that includes input from multiple areas. Not only is a fully comprehensive view of risk management at work in a company, it’s all-inclusive for management and employees alike.

Risk management allows for risks to become opportunities

Executives and board members are likely to have a much longer list of worries than their average employee would. Especially in the digital information age, and with the popularity of social media, for example, reputational risk is of real concern to many companies.

Managing these types of risks, risks that have many variables, as part of your business strategy allows for large scale projects such as social media monitoring to be broken down into smaller manageable tasks and spread throughout the company. Employees can become more involved in the company’s risk management. It also potentially makes for more effective risk management if employees are encouraged to make suggestions for improvement or development.

Risk management best practice

To best understand how your risk management can bring value to your business, you need to understand how these risks can affect you. Generally they fall into four areas – strategic, operational, financial and compliance. How would your business plan get thrown off? What would losing the use of a key piece of machinery mean to business? Oftentimes the answers will come from those who would be directly affected by these risks: frontline staff.

Proactively managing these risks gives not only management but all members of staff peace of mind that risks have been comprehensively assessed.

The value risk management creates can be viewed in many ways. It’s including employees of every level in the protection and management of the company. It’s tying business strategy with risk avoidance and management for efficient planning and strategizing. It’s creating opportunities for everyone to get involved and strengthening the company’s defenses against risk.


Is Your Pooch Considered Dangerous?

Accidents involving dog bites cost the insurance industry over $350 million per year and are now the largest cause of Homeowners Insurance claims in the U.S. As a result, many breeds are considered “uninsurable” or may require heightened premiums.

Notoriously Dangerous Breeds

The following dog pedigrees are considered dangerous:

  • Pit Bull
  • Rottweiler
  • German Shepherd
  • Husky
  • Alaskan Malamute
  • Wolf-dog Hybrid
  • Chow Chow
  • Doberman
  • Saint Bernard
  • Great Dane
  • Doberman Pinscher
  • Siberian Husky
  • Akita
  • American Staffordshire Terrier
  • Boxer
  • Perro de Presa Canario

Owner Responsibilities

It is difficult to determine how a dog’s breed will predict its disposition, much like it is hard to predict how nature versus nurture plays a role in the development of a child.

To minimize the risk that your dog will display aggressive behavior towards other dogs or humans, you must be a responsible pet owner and do the following:

  • Restrain your dog with a strong leash when in public or fenced in while in the yard. The fence should be at least six to eight-feet tall, depending on your dog’s size.
  • Socialize your dog as a puppy with other dogs and people. Take him/her to puppy classes starting at a young age, and praise your dog when he/she behaves well with others.
  • Spay or neuter your dog, as 80 percent of all fatal attacks are caused by non-neutered male dogs. Fixing a dog alters its territorial instincts and aggression.
  • Train the dog not to bite your hands, furniture, etc. If your dog starts to growl or chew on something, clap your hands loudly to distract him/her and then provide a toy for the dog to play with. Praise the dog when he/she chews on toys only.
  • Give your dog lots of positive attention.
  • Properly identify your dog with tags and a microchip.

Watch your dog’s behavior closely and contact your veterinarian if he/she exhibits any of the following behaviors: growling, snapping, biting family members, being aggressive towards strangers or showing signs of extreme fear. Your vet can refer you to a veterinary behavior specialist. While the dog is going through treatment, be extra cautious while in public and consider placing a basket muzzle over the dog’s mouth.

Insurance can usually be obtained for most dogs; however, there are some limitations. If you own a breed that has been historically violent, you may have to pay an increased premium (even if your dog has not displayed any violent behavior). If your dog has passed obedience school tests, you may qualify for a premium discount.

Here are the Facts:

According to the Centers for Disease Control and Prevention (CDC), approximately 4.7 million people are bitten by dogs annually, and around 17 percent of those victims need medical care. There are also 10 to 20 people who do not survive the attack. The CDC claims that dog bites are an “epidemic” in America.

To curb dog bites, some communities around the U.S. have banned certain dogs as pets, as they are perceived to be more dangerous or have a track record of violence. This specifically applies to Pit Bulls and Rottweilers.

Restaurant Workplace Accidents Are COSTLY!

We all know that safety is important, but are you aware just how costly a workplace injury can be? According to the Occupational Safety and Health Administration (OSHA), the average eye injury costs $1,463. It may not seem like much money, but the extra expense to pay for injuries has a powerfully negative effect on our restaurant’s bottom line.

Why is profitability also an important issue to you? The only way that  can stay in business is to operate at a profit, and that ability can be threatened by a serious workplace injury.

The Real Cost of Workplace Injuries

It may be surprising to hear that most companies do not have a high profit margin—3 percent is about average. Expenses take a large chunk of the income, and competition limits how much we charge our patrons.

Each time an accident occurs, the cost of the injury must be subtracted from profits. Consider the following two examples:

  • At a 5 percent profit margin, an extra $20,000 in sales is needed to compensate for a $1,000 injury.
  • If the profit margin is nearer to 1 percent, an additional $100,000 worth of new income is necessary to maintain that profit level for the same injury.

As you can see, that adds up to a lot of extra income just to compensate for a single injury. And we all know that we can’t just find more customers because we need the extra income. Thus, every time a worker gets hurt on the job, other employees are affected, too. The company may be forced to make difficult budget decisions such as cutting hours or jobs, plus some employees will need to work extra hours to make up for the injured employee’s lost time.

Also, recovering from an injury can mean time away from work, reduced compensation, painful rehabilitation and frustrating adjustments to daily life.

Practice Prevention

Though operating at a profit is essential to our success, our top priority is to keep our employees safe and healthy. That’s why we are counting on you to help practice good safety principles, including following all safety procedures, even if they seem unnecessary or slow you down. Safe work behavior will contribute directly to our bottom line as well as to everyone’s job security. By observing safety precautions, we can limit accidents.

It is always wiser to spend a bit more time doing the job safely than to risk getting a serious injury. Be sure to always follow all safety guidelines and stay alert for unsafe conditions.

Should I Buy Coverage for HIPAA?

The final rule has been issued on the Health Insurance Portability and Accountability Act. This federal law broadly covers the privacy and security of personally identifiable health information as well as the government’s ability to enforce these rules and request reports on information breaches. The final rule is intended to enhance these privacy protections and provide individuals with new rights to their health information.

Personal Information

The final rule in HIPAA goes a long way in protecting individuals’ right to access their personal health information and have it protected. Under the final rule, individuals’ rights to receive electronic copies of their health information are expanded. The final rule also goes against a 2009 proposal and prohibits most health plans from using or disclosing genetic information for underwriting purposes. Individuals are also reassured by the fact that the government’s ability to enforce these laws is enhanced in this modification of the law.

There are also changes to authorization requirements that may be needed to gather information on cases such as child immunization proof for schools and enabling access to decedent information by family members or others.

Covered Entities

The final rule in HIPAA has modified the application of the act to make business associates of covered entities directly liable for compliance with certain Privacy and Security requirements. It also requires modification and redistribution of a covered entity’s notice of privacy practices. In addition, it imposes limitations on the use and disclosure of protected health information for marketing purposes and prohibits the sale of this information without individual authorization.

Do I Need to Buy Liability Protection for HIPAA Claims?

From a liability perspective, it’s going to depend on the policy itself and the allegations that are made. Some directors & officers, employment practices, and fiduciary liability policies may provide coverage for certain violations of HIPAA. Some may have exclusions specifically related to HIPAA violations. Bottom line, coverage for HIPAA violations may be available, but the key lies in what allegations are made in a claim.

This final rule has done a lot to ensure the security of protected health information while also enhancing the access for the individuals involved. Covered entities are also pushed to be more responsible and hold more accountability for the delicate information in their possession. The HIPAA Final Rule heralds many changes for both the insured individual and their provider.


Pollution Liability Insurance – Managing Your Changing Exposures

Pollution and environmental conditions are growing exposures for many businesses, exposures that are not covered under standard insurance policies. A steadily increasing focus on the environment, paired with an expanding list of known pollution sources, has led to many recent costly lawsuits that companies never saw coming. Due to the unknown nature of many environmental conditions, a pollution claim can arise at any time, for nearly any type of company, and the cost could prove devastating.

Luckily, pollution insurance is available as a separate policy to protect companies from the risk of environmental conditions and cover the many potential costs of those exposures.

History of pollution insurance

Environmental insurance products date back to the mid- to late-1980s, and have evolved since then to keep pace with changing trends, new exposures and greater coverage needs. The first policies, known as pollution legal liability insurance, covered third-party bodily injury, property damage and cleanup cost claims that resulted from the offsite release of environmental contaminants from the insured’s property. These policies, though better than nothing, had obvious shortcomings: they didn’t cover any claims resulting in onsite contamination and they didn’t cover any first-party cleanup costs.

The early 1990s brought expansions to pollution policies, as they began to cover claims for onsite contaminant releases and claims for first-party cleanup costs due to a newly discovered environmental condition. Most carriers did limit this first-party coverage to cleanup costs that the site owner was legally obligated to pay, such as to stay in compliance with local, state or federal standards.

In addition, newer pollution policies cover site owners for the entire lifespan of a property – from “cradle to grave” (as long as the owner has coverage throughout this entire period). This lifespan begins when the property is acquired, lasts throughout its useful purpose and ends when the property is abandoned or sold – because the property owner could be liable for environmental exposures during any phase of the property’s lifespan.

Many of the recent pollution policies also include previously known exposures, such as asbestos, lead-based paint, or specific contaminant levels that were previously below legal standards. Such known exposures used to be widely excluded.

Pollution policies today

Currently, there are several types of pollution coverage available, and most policies are customizable to fit a company’s unique risks and exposures. They often offer ancillary coverage options too, such as contamination during the transportation of goods.

The pollution insurance sector will likely continue to evolve and expand as environmental trends and expectations change.

Who is covered?

Traditional pollution policies covered only the site owner, but today, many parties could be liable for environmental conditions. During the sale of a property, both the seller and purchaser could have potential liability. They could address this shared liability somehow in their contractual arrangements, but both could protect themselves with a type of pollution coverage.

Lenders whose loans are backed up by actual real estate also face a potential liability if they foreclose on a property and then an environmental condition is discovered. Not only will this make the value of the property plummet, but the lender would then be responsible for the costs of the pollution. Lender liability coverage was created to protect lenders from this unique environmental risk.

The tenant of a property, whether the owner or renter, also faces liability for pollution claims, particularly if their business operations or personnel caused the pollution.

Why purchase pollution insurance?

The risk of pollution may seem like somewhat of an obscure one, but it is one that could arise at any time. New forms of pollution and contamination are frequently being discovered, often with the result of a large (and generally successful) lawsuit due to third-party bodily injury or property damage.

In addition, due to the widely variable and uncertain nature of environmental and pollution factors, this risk is an economically uncertain liability – but one that could be financially disastrous. Costs could exceed even the value of the property itself. Many risk managers feel more comfortable paying a fixed amount in premium than gambling with potentially catastrophic costs in the future.

Potential costs are so high because there are many aspects to pollution exposures. For instance, a third-party claim could include bodily injury, property damage and/or hefty cleanup costs, both for contaminants that traveled offsite and for those released onsite. Plus, the company would be responsible for the court costs associated with defending itself. A first-party situation arises when a company experiences a spill or contamination situation that requires cleanup, often due to a violation of local, state or federal environmental standards. In both of these instances, business interruption is also a consideration, as any cleanup could be quite time-consuming as well. Pollution insurance can cover all of those exposures.

In addition, pollution insurance can help a property transaction go quicker. If an environmental condition exists prior to or during the sale of a property, the process can be dragged out while the condition is cleaned up. Even if no known condition exists, environmental tests and investigations to find potential pollution sources can be lengthy. A pollution insurance policy can help the sale move because the buyer knows an existing environmental condition would be taken care of, without needing to hold off the sale until that point.

Pollution policies tend to be flexible, making it easier for businesses to tailor their coverage to fit their company’s particular exposures. The experts at NewFirst Insurors can help you find the right policy for your company.

What qualifies as a pollution source?

There are countless possible pollutants, environmental conditions and contaminants in any building or property, and more could be discovered at any time. Many claims that insurance companies classify as pollution-related are ones that you may think would be covered under your commercial general liability (CGL) policy. Due to the sweeping pollution exclusion on these standard policies, you may find yourself surprised when a claim is classified as pollution and not covered.

The following are just a sampling of possible pollution exposures that may affect your company:

  • Chinese drywall (defective drywall containing unsafe levels of sulfur that has been released into the air)
  • Toxic mold, fungus or other bacterial contamination
  • Silt runoff from construction sites into public water sources (liability for both contractor and property owner)
  • Certain green construction techniques that can cause unforeseen pollutants
  • Nanotechnology
  • Asbestos
  • Lead-based paint
  • Any contaminants or chemicals that could be released into the air or public water supply (this list could be endless, including solvents, degreasers, paints, cleaning products, fuels, pesticides, herbicides, etc.)
  • Aboveground or underground storage tanks
  • Improper waste disposal (including medical waste)
  • Building or car exhaust/fumes
  • Malfunctioning of HVAC or ventilation equipment
  • Malfunctioning, crumbling or leaking of older buildings and pipes, causing contamination

Pollution is an unpredictable, costly exposure that your business needs to consider as part of its risk management program. While a lot of pollution-related incidents can be prevented, there is always the possibility for an unexpected spill, contamination or environmental condition to occur or surface. That is why pollution insurance is absolutely vital to protect your company. Contact NewFirst Insurors to learn more about pollution coverage today.


Responding to a Data Breach

No company, big or small, is immune to a data breach. Many small employers falsely believe they can elude the attention of a hacker, yet studies have shown the opposite is true. According to Verizon Communications’ 2012 Data Breach Investigations Report, 72 percent of the 855 data breaches analyzed were at companies with 100 or fewer employees.

Data breach response policies are essential for organizations of any size. A response policy should outline how your company will respond in the event of a data breach, and lay out an action plan that will be used to investigate potential breaches and to mitigate damage should a breach occur.

Defining a Data Breach

A data breach is an incident where Personal Identifying Information (PII) is accessed and/or stolen by an unauthorized individual. Examples of PII include:

  • Social Security numbers
  • Credit card information (credit card numbers – whole or part; credit card expiration dates; cardholder names; cardholder addresses)
  • Tax identification information numbers (Social Security numbers; business identification numbers; employer identification numbers)
  • Biometric records (fingerprints; DNA; or retinal patterns and other measurements of physical characteristics for use in verifying the identity of individuals)
  • Payroll information (paychecks; paystubs)
  • Medical information for any employee or customer (doctor names and claims; insurance claims; prescriptions; any related personal medical information)
  • Other personal information of a customer, employee or contractor (dates of birth; addresses; phone numbers; maiden names; names; customer numbers)

Data breaches can be costly. According to the Ponemon Institute’s Cost of a Data Breach Survey, the average per record cost of a data breach was $194 in 2011; the average organizational cost of a data breach was $5.5 million.

Internal Responsibilities upon Learning of a Breach

A breach or a suspected breach of PII must be immediately investigated. Since all PII is of a highly confidential nature, only personnel necessary for the data breach investigation should be informed of the breach. The following information must be reported to appropriate management personnel:

  • When (date and time) did the breach happen?
  • How did the breach happen?
  • What types of PII were possibly compromised? (Be as detailed as possible: name; name and Social Security number; name, account and password; etc.)
  • How many customers may be affected?

Once basic information about the breach has been established, management should make a record of events and people involved, as well as any discoveries made over the course of the investigation to determine whether or not a breach has occurred.

Once a breach has been verified and contained, perform a risk assessment that rates the:

  • Sensitivity of the PII lost (customer contact information alone may present much less of a threat than financial information)
  • Amount of PII lost and number of individuals affected
  • Likelihood PII is usable or may cause harm
  • Likelihood the PII was intentionally targeted (increases chance for fraudulent use)
  • Strength and effectiveness of security technologies protecting PII (e.g. encrypted PII on a stolen laptop, which is technically stolen PII, will be much more difficult for a criminal to access.)
  • Ability of your company to mitigate the risk of harm

Government Regulation

There aren’t many federal regulations regarding cybersecurity, and the few that exist largely cover specific industries. The 1996 Health Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley (GLB) Act and the 2002 Homeland Security Act, which includes the Federal Information Security Management Act (FISMA), mandate that health care organizations, financial institutions and federal agencies, respectively, protect their computer systems and information. The language is generally vague, so individual states have attempted to create more targeted laws regarding cybersecurity.

California led the way in 2003 by mandating that any company that suffers a data breach must notify its customers of the details of the breach. Today, 46 states and the District of Columbia have data breach notification laws in place. Only Alabama, Kentucky, New Mexico and South Dakota have yet to enact such a law.

While notification laws vary from state to state, all include four basic provisions:

  1. All notification laws put a number on how long companies have to notify customers of a data breach and by what medium the notice will be given (written, email, press release, etc.).
  2. Laws set forth a penalty system (that differs from state-to-state) for failure to notify customers in a timely manner.
  3. Depending on the specifics of the breach, customers can sue the company for its part in the data breach.
  4. All notification laws have exceptions in a range of situations.

Your Notification Responsibilities

Responsibility to notify is based both on the number of individuals affected and the nature of the PII that was accessed. Any information found in the initial risk assessment should be turned over to your company's legal counsel, who will review the situation to determine if, and to what extent, notification is required. Notification should occur in a manner that ensures the affected individuals will receive actual notice of the incident. Notification should be made in a timely manner, but make sure the facts of the breach are well established before proceeding.

In the case that notification must be made:

  • Only those who are legally required to be notified should be informed of the breach. Notifying a broad base when it is not required could raise unnecessary concern in those who have not been affected.
  • A physical copy should always be mailed to the affected parties no matter what other notification methods are used (e.g. phone or email).
  • A help line should be established as a resource for those who have additional questions about how the breach will affect them.

The notification letter should include:

  • A brief description of the incident, the nature of the breach and the approximate date it occurred.
  • A description of the type(s) of PII that were involved in the breach (the general types of PII, not an individual’s specific information).
  • An explanation of what your company is doing to investigate the breach, mitigate its negative effects and prevent future incidents.
  • Steps the individual can take to mitigate any potential side effects from the breach.
  • Contact information for a representative from your company who can answer additional questions.

We Can Help You Recover from a Data Breach

At Texas Associates Insurors, we understand the negative effects a data breach can have on your company. Contact us today so we can show you how to recover from a breach and get your company back on its feet.
