Surfing the Web for Internet Liability Coverage – Who Needs It and Why’

By Laura Johnson | October 25, 2004

Any company with a Web site is a candidate for professional (or third party) Internet liability insurance. In most circumstances, they do not purchase it. This is often because the company expects their current insurance coverage to provide the necessary protection or because they believe adding a traditional errors & omissions (E&O) policy to their current insurance portfolio will suffice. In many cases, this is untrue. Once a company goes online, they face new exposures that require the kind of specialized E&O protection afforded under a third party Internet liability policy.

The types of Web sites or Web services can be classified into four general categories: presence-only, content aggregation, interactive and transactional or e-commerce. The exposures vary according to classification and while certainly a transactional Web site offers the greatest diversity in exposures, even a simple presence-only Web site can pose new and significant risks.

Presence only
A presence-only Web site collects no data about customers and is focused on presenting information about the company, similar to an online brochure. In addition, some presence-only sites may post company-generated literature. For example, a consulting firm might offer white papers or case studies or a marketing company might choose to include content on its Web site offering marketing tips and advice.

If any of these companies maintains a traditional E&O policy, that policy may cover the professional exposures created by their presence-only Web sites. Key coverage factors to consider include the intellectual property infringement protection, the policy coverage territory and the schedule of covered services.

For example, a copyright, trademark or trade dress suit could arise out of the Web site’s content or even its design, or look and feel. Additionally, a trademark infringement claim could arise out of the company’s name, their product name(s) or their Web site domain name. While trademark infringement suits can arise without the Web site, the opportunity to draw a claim greatly increases with the Web site. As such, the coverage territory should include claims made outside and inside of the United States and respond to acts anywhere.

In addition, services performed on the company’s Web site should be specifically mentioned in the schedule of covered services, base form or an endorsement. If the existing E&O policy does not offer these coverages, an Internet liability policy could play a valuable role in the company’s risk management strategy.

Content aggregation
Content aggregation sites pull data from a variety of sources and present the compiled information in one Web site. For this type of site, the intellectual property and coverage territory issues described for the presence-only site still apply.

In addition, content aggregators have an increased exposure because the information published on their site is generated, at least in part, from the content of others. This means the company could face lawsuits arising out of another company’s acts, simply because their information is posted on the company’s site.

With information coming from a broader variety of sources—some of which may be less subject to control—and with the content being less subject to vetting by the Web site owner, the content aggregator also faces a personal injury exposure. Although the presence-only site may face some personal injury exposure, it becomes more significant for the content aggregator.

For example, a lawsuit could arise for invasion of privacy, infliction of emotional distress or allegations of libel out of false or misleading statements posted on the site. Additionally, these lawsuits can arise not only out of the information the company creates and posts itself but also out of information the company aggregates from other sources and posts. To mitigate risks, it becomes even more important for the content aggregator to explore the same coverage issues as the presence-only site.

Interactive
An interactive Web site can include content developed solely by the company or it can be more similar to a content aggregation site. Regardless, the interactive Web site offers something the content aggregators and presence-only sites do not: customer or visitor participation. This can be in the form of chat rooms, bulletin boards, surveys and more. An interactive Web site may also collect personal information from the customer, for such things as a prize drawing or for a newsletter subscription.

The interactive Web site’s exposures do mirror the exposures of the presence-only or content aggregation sites, but often at a higher level and with a security exposure. The higher level is due to the live interaction and the security exposure is due to the company’s responsibility for maintaining customer information.

Caring for the customer information requires ensuring the customer does not suffer financial, privacy or reputational injury because their data was stolen from the company’s system. Security risks are also higher because there is a possibility that the company’s system may introduce a virus into the customer’s computer or network. Additionally, because customers are posting information directly on the site, through bulletin boards or chat rooms, the personal injury exposures greatly increase.

To address these expanding exposures, the company is again advised to evaluate their current level of intellectual property, personal injury and coverage territory protection as well as ensure the E&O policy lists services performed on the Web site. To address the security exposures, policy language that protects against introduction of malicious code or virus and other security threats is a must. Because traditional E&O policies are not often designed to provide security protection, the Internet liability policy becomes even more valuable.

Transactional/e-commerce
The last type of Web site is for e-commerce. The transactional site may be a compilation of all of the other Web site categories, providing information about the company, aggregating content from other sources and offering interactive features. Regardless of exactly how the site functions, a transactional site does include information about products/services and provides an opportunity for the customer to buy these products/services. The transactional Web site does face the same exposures as described for the other three types of Web sites. It also entails a traditional E&O exposure in providing services and goods. In addition, the company faces the risk of online credit card fraud and identity theft.

Collecting customer data, specifically financial data such as credit card information, is a necessity for an e-commerce Web site. This collection of data opens up the company to potential lawsuits from customers alleging financial loss due to stolen credit card information and other information, equaling identity theft.

Mitigation of this risk is accomplished on the front side with careful attention to hardware, software and procedural security measures. It is accomplished on the back side by securing coverage that specifically protects against a company’s failure to prevent identity theft and credit card, or debit card fraud. This type of protection is fairly new and rarely featured or endorsed in a traditional E&O policy. Additionally, E&O policies are generally for the brick and mortar business, with endorsements for Internet activity but are not often designed especially for an online business. Internet liability policies are designed especially with the e-commerce Web site in mind and are an excellent risk management solution for the transactional Web site.

Internet liability policies are still relatively new. As the Internet grows, the need for Internet liability protection may increase. This is especially true if the pace of Internet-related litigation continues to grow. In such a circumstance, the question of who needs Internet liability protection could be rewritten to ask, who doesn’t?

Euclid Managers LLC is an underwriting manager and claims administrator for Internet, tech and media professional liability. Johnson’s role as vice president is to underwrite accounts and oversee broker relations and product development.

Was this article valuable?

Here are more articles you may enjoy.

From This Issue

Insurance Journal West October 25, 2004
October 25, 2004
Insurance Journal West Magazine

Professional Liability