Could your computers be at risk?
URBANA, Md. (AP) -- The Justice Department says it foiled a plot by a fired Fannie Mae contract worker in Maryland to destroy all the data on the mortgage giant's 4,000 computer servers nationwide. The U.S. Attorney's Office says 35-year-old Rajendrasinh Makwana, of Glen Allen, Va., is scheduled for arraignment Friday in U.S. District Court in Baltimore on one count of computer intrusion. U.S. Attorney Rod Rosenstein says Makwana was fired Oct. 24. Rosenstein says that on that day, Makwana programmed a computer with a malicious code that was set to spread throughout the Fannie Mae network and destroy all data this Saturday. Makwana's federal public defender did not immediately return a call seeking comment. Washington-based Fannie Mae is the largest U.S. mortgage finance company
Monday, February 2, 2009
Wednesday, March 12, 2008
Directors Could be Liable for Cyber Damage
Cyber risks could be the next big trigger for lawsuits against directors. Directors could be held responsible for loss to companies and their shareholders if they fail their duty of care by not taking preventative measures against risks such as phishing, improper data manipulation or data loss.
The threat to directors is universal across all sectors as any company utilising technology as a platform or for business support is exposed. In particular, financial institutions need to be very concerned due to the dependence on the confidentiality of their data and the overall exposure relating to online banking. In a recent example, a clothing retailer now faces lawsuits by shareholders alleging that the company failed to prevent a hacker from obtaining details of millions of cardholders and it has already reportedly agreed to a multi-million pound settlement to banks for the same situation.
This is adding another layer of risk to directors who need to take action to protect the assets of their business against cyber crime or else face being sued. Cyber risks are pervasive. Among the measures to respond to these changing exposures, is analysing insurance policy language to maximise the potential coverage when a cyber risk materialises. However, insurance should be perceived as the last resort. Directors must look to prevent the cyber risks in the first place by developing strong IT security defences and business continuity plans which are regularly tested, and heightening awareness among the board to create a security culture.
The threat to directors is universal across all sectors as any company utilising technology as a platform or for business support is exposed. In particular, financial institutions need to be very concerned due to the dependence on the confidentiality of their data and the overall exposure relating to online banking. In a recent example, a clothing retailer now faces lawsuits by shareholders alleging that the company failed to prevent a hacker from obtaining details of millions of cardholders and it has already reportedly agreed to a multi-million pound settlement to banks for the same situation.
This is adding another layer of risk to directors who need to take action to protect the assets of their business against cyber crime or else face being sued. Cyber risks are pervasive. Among the measures to respond to these changing exposures, is analysing insurance policy language to maximise the potential coverage when a cyber risk materialises. However, insurance should be perceived as the last resort. Directors must look to prevent the cyber risks in the first place by developing strong IT security defences and business continuity plans which are regularly tested, and heightening awareness among the board to create a security culture.
Wednesday, March 5, 2008
ULLICO Joins Forces with Hudson Insurance Company
ULLICO Casualty Group has aligned with Hudson Insurance Company to offer enhanced fiduciary and union liability insurance programs.Hudson is rated "A" (Excellent), financial size category XV (surplus greater than $2 billion) by A.M. Best Company.
Hudson is the primary insurer of Odyssey Re Holdings Corp., the holding company for one of the world's largest underwriters of property-casualty insurance and reinsurance with shareholder equity in excess of $2.4 billion.
ULLICO Casualty's fiduciary program will include higher limits of liability, up to $15 million for multi-employer benefit funds and $5 million for their union liability program for labor unions and their leaders. Both product offerings will also include significant policy enhancements.
ULLICO Casualty is offering the unique blend of "duty to defend" policy forms with choice of counsel selected by the insured.
The fiduciary policy also enhances coverage for liabilities imposed under Health Insurance Portability and Accountability Act (HIPAA), the recent Pension Protection Act (PPA), and situations in which trustees face liability for non-fiduciary duties.
ULLICO Casualty has enhanced its union liability program to now include domestic partner coverage as well as third-party discrimination liability coverage, via endorsement.
"As the risk solutions provider for organized labor and multi-employer benefit plans, we chose to issue our market-leading fiduciary liability insurance policies with Hudson because they are a leading specialty insurance company in the United States," said Daniel Aronowitz, president of ULLICO Casualty Group. "Our alignment with Hudson combines the fiduciary expertise and experience of ULLICO Casualty with the safety and security of the large policyholder surplus of Hudson."
Hudson is the primary insurer of Odyssey Re Holdings Corp., the holding company for one of the world's largest underwriters of property-casualty insurance and reinsurance with shareholder equity in excess of $2.4 billion.
ULLICO Casualty's fiduciary program will include higher limits of liability, up to $15 million for multi-employer benefit funds and $5 million for their union liability program for labor unions and their leaders. Both product offerings will also include significant policy enhancements.
ULLICO Casualty is offering the unique blend of "duty to defend" policy forms with choice of counsel selected by the insured.
The fiduciary policy also enhances coverage for liabilities imposed under Health Insurance Portability and Accountability Act (HIPAA), the recent Pension Protection Act (PPA), and situations in which trustees face liability for non-fiduciary duties.
ULLICO Casualty has enhanced its union liability program to now include domestic partner coverage as well as third-party discrimination liability coverage, via endorsement.
"As the risk solutions provider for organized labor and multi-employer benefit plans, we chose to issue our market-leading fiduciary liability insurance policies with Hudson because they are a leading specialty insurance company in the United States," said Daniel Aronowitz, president of ULLICO Casualty Group. "Our alignment with Hudson combines the fiduciary expertise and experience of ULLICO Casualty with the safety and security of the large policyholder surplus of Hudson."
Tuesday, March 4, 2008
Supreme Court Expands Liability Exposure of Fiduciaries of Individual Account Plans
Recent rulings related to pension benefits have raised concerns among fiduciary liability policy holders.
The U.S. Supreme Court unanimously ruled on February 20, 2008 in LaRue v. Dewolff, Boberg & Associates that an individual participant may bring suit for fiduciary breaches under the Employee Retirement Income Security Act (ERISA) to recover losses in an individual defined contribution account.
The LaRue Facts
The plaintiff James LaRue is a former employee of plan administrator DeWolff, Boberg & Associates who participated in DeWolff's 401k plan. He claimed that in 2001 and 2002 he directed DeWolff to "make certain changes to the investments in his individual account," apparently changing his investment elections out of funds with stock exposure during a market decline. But he claimed that DeWolff never made the changes and that this omission "depleted" his interest in the plan by $150,000. LaRue sued the DeWolff firm and the DeWolff's 401k plan seeking "make whole" or other equitable relief under section 502(a)(3) of ERISA, codified as 29 U.S.C. 1132(a)(3).
The district court dismissed LaRue's complaint on the grounds that LaRue sought money damages, which are not permitted under Section 502(a)(3).
LaRue appealed to the Fourth Circuit relying on both Section 502(a)(2) and 502(a)(3). The Fourth Circuit affirmed the Section 502(a)(3) dismissal on the same grounds as the district court. The appellate court rejected LaRue's Section 502(a)(2) claim on the ground that the Supreme Court's 1985 opinion in Massachusetts Life Ins. Co. v. Russell permitted Section 502(a)(2) claims only on behalf of the entire plan rather than on behalf of any one participant's individual interest.
Ruling in favor of LaRue, the Supreme Court reversed the lower courts and held that an individual plan participant like LaRue has the right to pursue an individual action, notwithstanding the court's prior holding in Russell. The Court expressly noted that, in contrast to the 1970's era of ERISA's founding when defined benefit plans predominated, "defined contribution plans dominate the retirement scene today." The circumstances for an individual participant in a defined benefit plan, according to the Court, are quite different than under a defined contribution plan, because misconduct relating to a defined benefit plan would not affect any one individual's plan interest unless the misconduct caused a default of the defined benefit plan itself:
For defined contribution plans, however, fiduciary misconduct need not threaten the solvency of the entire plan to reduce benefits below the amount that participants would otherwise receive. Whether a fiduciary breach diminishes plan assets payable to all participants and beneficiaries, or only to persons tied to particular individual accounts, it creates the kind of harms that concerned the draftsmen of [ERISA's liability provisions]. Consequently, our references to the "entire plan" in Russell . . . Are beside the point in the defined contribution context.
For more information, email The McLaughlin Company
Friday, February 22, 2008
How does the Volunteer Protection Act Affect Your Organization?
In the 1980s, the number of lawsuits against nonprofit volunteers grew dramatically. As a result, insurance companies increased premiums and added exclusions causing many organizations to terminate coverage for volunteers. Consequently, the number of willing volunteers decreased in fear of a lawsuit against them personally.
To promote volunteerism, the Volunteer Protection Act (VPA) was signed in to law in 1997 under President Clinton. This Act pre-empts existing looser state laws protecting nonprofit volunteers. The law encourages the public to participate in social service, as these programs need workers to remain in existence.
The VPA protects volunteers against civil liability if:
To promote volunteerism, the Volunteer Protection Act (VPA) was signed in to law in 1997 under President Clinton. This Act pre-empts existing looser state laws protecting nonprofit volunteers. The law encourages the public to participate in social service, as these programs need workers to remain in existence.
The VPA protects volunteers against civil liability if:
- the volunteer was acting within the guidelines of his/her job description;
- the volunteer had the proper licenses, certifications or was authorized to act AND those acts were within his/her job description;
- the volunteer did not cause harm that was caused by willful or criminal misconduct, gross negligence, reckless misconduct or a conscious, flagrant indifference to the rights or safety of the individual harmed;
- the volunteer did not inflict harm while using of a motor vehicle, aircraft or other vehicle.
VPA provides consistent protection for all nonprofit personnel since the states’ laws vary.
More specifically, many states only provide protection to the organization’s director or board members, while others protect everyone associated with the organization. The VPA does not, however, protect a volunteer from litigation brought by the organization onto the volunteer for violating one of previously mentioned criteria.
Most importantly to the organization, the VPA does not protect the nonprofit organization from litigation; it only protects the volunteer. In other words, the organization may be liable for the negligent actions of the volunteer, even when the volunteer is immune from litigation under the VPA. Therefore, the burden of responsibility is on the organization to assure that its volunteers are acting in a lawful manner while carrying out the duties assigned to them by the nonprofit.
Examples of the Scope of VPA
- A child is severely injured while swimming at a church sponsored summer camp. The volunteer camp counselor who neglected to supervise the pool would not be liable for the incident. However, the church is liable for not hiring a properly trained lifeguard to supervise the pool.
- While driving several young players to a little league baseball game, a volunteer coach makes an illegal left turn and hits another car. In this instance, the volunteer is liable and is not immune under VPA or the state law because he violated a traffic law.
Consequences of VPA
Though the Act does encourage the public to volunteer without fear of litigation and assures that volunteer protection laws do not vary significantly from state-to-state, it also poses threats to the organization. With this added security blanket in place, volunteers may take more risks while doing assigned jobs or take on responsibilities without the proper training. Furthermore, they may not exercise the type of caution needed or become careless in their dealings with the populations the organization serves.
The Act may also deter organizations from enacting risk management programs to ensure that volunteers are properly trained, knowledgeable and prepared.
Organization Liability Prevention
To prevent excessive liability on your organization in response to the VPA, you should do the following:
- Establish a risk management program - A risk management program established by a designated committee will address factors that could negatively affect your organization. The committee should identify the high risks first which have the potential to be costly for the organization and/or may have a detrimental affect in another capacity.
- Have risk financing in place - To be prepared in the event of a lawsuit, your organization should have funding in place to pay for damages, legal expenses, injuries or other costs associated with litigation.
- Obtain general liability insurance - A general liability policy protects against bodily injury and property damage claims that are brought against the agency regarding acts committed by the volunteer. Many organizations do not have any general liability insurance to protect their personnel affiliated with the organization, whether they are an employee or volunteer. However, some have policies covering their employees, and boards and directors, but do not have policies covering volunteers. General liability insurance will protect an organization’s assets in the event of a lawsuit. In some cases, the VPA may also reduce the organization’s risk and, therefore, may reduce the insurance premium.
- Contact The McLaughlin Company to learn more about our cost-effective liability insurance solutions designed specifically to protect against litigation as a result of volunteer actions.
Tuesday, February 19, 2008
Duty To Defend Additional Insured Under New York
By Mr. Carl Pernicone, Wilson Elser Moskowitz Edelman & Dicker
Background
In BP Air Conditioning , BP Air Conditioning Corp. ("BP") subcontracted some of its work to Alfa Piping Corp. ("Alfa"). The purchase order memorializing the subcontract required Alfa to i) indemnify and hold BP harmless; and ii) obtain a "Comprehensive General Liability Insurance naming [BP] additional insured." OneBeacon Insurance Group ("OneBeacon") issued a general liability insurance policy to Alfa with an additional insured endorsement providing that " Such person or organization is an additional insured only with respect to liability arising out of your ongoing operations performed for that insured ."
Thereafter, Alfa and BP were sued in a personal injury action commenced by an employee of another BP subcontractor who slipped and fell at the work site. OneBeacon defended Alfa in the underlying action, but declined to defend BP. In response, BP filed a coverage action and moved for partial summary judgment contending that OneBeacon had a duty to defend it in the underlying action and to reimburse its past defense costs. OneBeacon countered that it had no duty to defend BP until it was determined that the alleged personal injury arose out of Alfa's activities, and that OneBeacon's responsibility, if any, for the costs of BP's defense could not be determined without first considering the liability of other applicable insurers.
The trial court granted BP summary judgment on the duty-to-defend issue, but declined to find OneBeacon primarily responsible for BP's defense costs. The Appellate Division of the First Department affirmed that OneBeacon had a duty to defend BP, but modified that BP's coverage under OneBeacon's policy was primary. The Court of Appeals modified the order of the First Department by reinstating decision of the trial court.
Decision
In deciding the duty-to-defend question, the Court of Appeals first examined the standard for determining whether a named insured is entitled to a defense. The court stated that it is well-settled that "an insurer's duty to defend [its insured] is 'exceedingly broad'" and "[i]f a complaint contains any facts or allegations which bring the claim even potentially within the protection purchased, the insurer is obligated to defend." Id. at 6 (emphasis supplied).
Next, the court noted that it is undisputed that Alfa agreed in the purchase order to name BP as an additional insured in its OneBeacon policy and that Alfa also agreed to indemnify and pay BP's attorneys' fees for any personal injury tort claim arising from Alfa's work. From there, citing Pecker Iron Works of N.Y. v. Travelers Ins. Co., 99 N.Y.2d 391, 393 (2003), the court concluded that "[t]he standard for determining whether an additional named insured is entitled to a defense is the same standard that is used to determine if a named insured is entitled to a defense."
The court rejected OneBeacon's argument that a threshold finding of actual liability is required before BP is entitled to a defense. Id. The court opined [since] there is a possibility that [the underlying claimant's] injuries "ar[ose] out of [Alfa's] ongoing operations performed for [BP]," OneBeacon's duty to defend BP is triggered. Id. at 9 (emphasis supplied) . The court further noted that this outcome is consistent with BP's "reasonable expectations" in that, based on the language of the purchase order and the policy, it was "reasonable" for BP to expect that it was entitled to broad protection against any liability that might be attributable to Alfa's activities.
On the "priority of insurance" issue, the Court of Appeals reversed the Appellate Division's ruling and held that, because none of the other relevant insurance was part of the record, "the priority of coverage cannot be determined."
BP Air Conditioning teaches this practical lesson of New York law: At least in the context of general liability coverage, where a named insured extends coverage to an additional insured and agrees in writing to defend and indemnify the additional insured from liability arising from the named insured's work, the additional insured is entitled to a duty to defend an underlying claim, alleging liability arising from the named insured's operations - even in the absence of an up-front determination that the named insured is actually liable. This result is consistent with the additional insured's "reasonable expectations" of coverage and well-settled principles of New York law concerning the breadth of an insurer's duty to defend.
Whether the additional insured coverage will be given "priority" over any other applicable insurance available to the additional insured is a case-by-case inquiry that will turn on the relevant policy wording.
To view a copy of the opinion, please go to http://www.wilsonelser.com
Thursday, February 14, 2008
Is a Commercial General Liability Policy Enough?
When a Commercial General Liability policy is written for a professional - including a labor union or a training fund, the intent is usually to insure the individual's or organization's liability exposures that are not of a professional nature. For example, an injury sustained by a guest when they fall in the lobby of the union’s building would clearly be covered by the Commercial General Liability policy. Many of the Commercial General Liability endorsements exclude coverage for "bodily injury, property damage, personal injury, or advertising injury arising out of the rendering or failing to render professional services in connection with..." a particular type of professional work.
We have always felt that Training Funds should have professional liability coverage for their instructional activity and the coverage must respond to contingent bodily injury and property damage claims. Because a Training Fund often engages in disseminating information by printed or oral means or over the internet, we also believe Training Funds need Publishers Liability Insurance, Personal & Advertising Injury – with contingent bodily injury and property damage liability endorsement.
We have always felt that Training Funds should have professional liability coverage for their instructional activity and the coverage must respond to contingent bodily injury and property damage claims. Because a Training Fund often engages in disseminating information by printed or oral means or over the internet, we also believe Training Funds need Publishers Liability Insurance, Personal & Advertising Injury – with contingent bodily injury and property damage liability endorsement.
Subscribe to:
Comments (Atom)
