Wednesday, October 21, 2009

And A Happy Drug-Free Work Week to You, Too!

Did you know that this week, October 19-25th, is Drug-free Work Week? Four years ago, the Department of Labor instituted this special week to highlight the benefits of maintaining a drug-free workplace.

According to the Department of Labor, "between 10 and 20 percent of the nation's workers who die on the job test positive for alcohol or other drugs. . .Industries with the highest rates of drug use include many of the same industries at high-risk of occupational injuries, such as construction, mining, manufacturing and wholesale."

Employers who take steps to prevent drug use will benefit from healthier employees, fewer Workers' Comp losses, and lower insurance rates.

For example, Virginia allows a 5% Drug Free Workplace credit on Work Comp premiums for companies who maintain qualified drug testing programs. These programs should include random testing, substance abuse education, and resource files for employees seeking additional help.

The Hartford Insurance Group's HartfordHelp website has great information and resources for employers looking to institute or beef up their own Drug-free policies. For more information, please click here.

Does your company have a drug testing program? Have you ever been faced with a situation where an employee tested positive? How did you handle it?

Friday, October 9, 2009

We Gave You Benefits, and You're Suing Us?

Employers who provide employee benefits are sometimes sued by their employees for mistakes made in administering those benefits. Companies who provide employee benefits should consider adding Employee Benefits Liability to their policies.

EBL covers damages caused by an error or omission committed in the "administration" of your "employee benefits program." Below are definitions from an EBL policy that define the covered acts a little more clearly:

"Administration" means:

1. Counseling, "employees," including their dependents and beneficiaries, with respect to the "employee benefits program";

2. Handling records in connection with the "employee benefits program"; or

3. Effecting or terminating an "employee's" participation in a plan included in the "employee benefits program";

"Employee benefits program" means the following plans:

1. Group life insurance, group accident or health insurance, flexible spending plans, profit sharing plans, pension plans and stock distribution plans; provided that no one other than an "employee" may subscribe to such insurance or plans;

2. Unemployment insurance, social security benefits, workers' compensation and disability benefits.

For example, failure to properly enroll someone on the health plan may leave an employee without coverage for a medical procedure.

The premium for this coverage runs about $200 - $400 per year, depending on the number of employees. Larger companies may pay more. Ask your agent about it. If you don't have an agent, give me a shout!

Tuesday, October 6, 2009

We Want Your Information

It's 8 pm, who's watching your information? Does your insurance policy cover your company's potential liability if your network were breached?

In a prior post, I wrote about the E&O exposure that Tech companies face when their clients fall victim to a network security breach. (Access Unauthorized? Claim DENIED!) This post focuses on your potential liability from hacks on your own networks.

Earlier this year, I came across the following article:

Apptis Cited for Lax Computer Security on Army Medical Job

July 24 (Bloomberg) -- Apptis Inc., a military information technology provider, repaid $1.3 million of a $5.4 million Pentagon contract after investigators said the company provided inadequate computer security and a subcontractor’s system was hacked from an Internet address in China...

The Government relied on this company to maintain secure networks. That security failed, and Apptis found themselves liable. Did their policy cover the loss?

This is just my guess, but the claim was probably denied for 2 reasons:

1. You cannot be liable to yourself.

Errors & Omissions Insurance is a 3rd party coverage. Therefore, the policy will only respond to damages claimed by companies not assoicated with the insured (or the 1st party). In the above example, the Pentagon claimed that Apptis failed to provide adequate security as required in their contract and required them to refund a portion of the contract price. Apptis lost the money, so I don't believe their E&O policy would respond. It is possible that the E&O coverage may respond due to the alleged breach of contract. However, if the root cause of the damage is excluded by the policy, then the carrier may have denied coverage.

2. Network Security exclusion.

We will not pay damages or claim expenses for any claim arising out of or in any way related to: Failure to prevent identity theft or disclosure of personally identifiable information.

This is a common exclusion in E&O policies. Check your policy to see if it contains similar wording.

Cyber security has been a hot issue for several years. However, the Federal Government is redoubling its efforts to enforce secure networks and tighter controls on information. As the Apptis article shows, Uncle Sam will not hesitate to recoup his money, if he feels that your security was not up to snuff. The Apptis article states:

President Barack Obama is seeking to improve security in government computer systems. He said in May he will appoint a White House adviser to oversee the security of all government and business computer networks in response to widespread breaches and theft of information.

The Pentagon by September will publish proposed revisions to its acquisition rules that will require improved protection of Pentagon information in its contracts, said spokeswoman Cheryl Irwin. A draft proposal will be released for public comment, she said in an e-mail.

If you do business with the Federal Government, you will need to comply with their security standards. If those security standards fail, then your company may be held liable.

Has your company ever been a victim of information theft or an unauthorized intrusion? Please let me know how it affected your business.