While professional liability insurance is not new, applying it to the exposures of data-related services is. As insurers rushed to capitalize on this new trend, they simply turned to insurance products that were already being applied to the more traditional exposures of other professional services. This leaves the service provider and their customer at risk.
In the case of data breach notification coverage, the problem is similar. Insurers originally developed insurance products aimed at the exposures of organizations, such as hospitals and banks, with a direct regulatory responsibility to provide data breach notification to consumers. When data-related service providers started asking for data breach coverage, insurers turned to those same products. Unfortunately, there is a big difference between insurance to cover the data breach notification costs of a bank or hospital and insurance to cover the data breach notification costs of a third-party data processor.
Downstream Data Coverage is the only professional liability coverage designed specifically to cover the data protection exposures of service providers. As a result, both the service provider and their clients are better protected.
Keeping Good Company: By restricting the coverage only to NAID AAA Certified companies, the likelihood of claims is significantly lowered. Policy holders are therefore part of an exclusive pool whose shared risk is lower than that of the general population of service providers, which leads to lower insurance premiums.
The Game Plan is Member-Ownership: With the inevitable success of Downstream Data Coverage, the policy will eventually become part of a NAID Captive Insurance Program. This means that the insurance company will quite literally be owned by NAID, and have significantly more control of premiums and dividends to policy holders.