This webpage provides information to NAID members, prospective members and their customers about Downstream Data Coverage, a professional liability insurance product developed for data-related vendors that is available as a benefit of NAID membership to companies that meet the underwriter's eligibility requirements.
Data-related service providers obtain professional liability insurance to protect themselves and to ensure they can cover their financial liabilities to their clients. When a service provider purchases an inadequate professional liability policy, they not only put themselves at risk, they also leave their customer exposed. Downstream Data Coverage seeks to make sure that doesn't happen. Here’s how…
A Specialized Policy: At its core, Downstream Data Coverage is professional liability insurance, developed exclusively for NAID members to address many of the shortcomings of standard professional liability coverage that leave service providers and their customers at risk.
Reputation and Resources: For the last 17 years, National Association for Information Destruction (NAID) has been known for its in-depth understanding of current data protection regulations, as well as its perspective as a consumer protection advocate and industry watchdog. Backed by Lloyds’ strength and experience, and NAID’s knowledge of data protection regulations and customer focus, Downstream Data Coverage is a policy that both the service provider and their clients can trust to protect them.
Service Provider Qualifications: Downstream Data Coverage is only available to service providers that are subject to the routine announced and unannounced audits of NAID AAA Certification. This means that not only is the service protecting the customer with quality professional liability insurance, the service provider is also operating under the scrutiny of outside auditors trained specifically for that purpose.
The Downstream Vision: The immediate goal of Downstream Data Coverage is to provide data-related service providers with a policy that best protects them and meets their clients’ needs. In time, however, the mechanisms are already in place to make Downstream Data Coverage part of a member-owned captive insurance program - meaning lower premiums with better coverage.
When organizations first started asking their data-related service providers to have insurance to cover financial damages in the unlikely event of a data breach, service providers turned to off-the-shelf professional liability coverage. They had no alternative.
Unfortunately, while that might have satisfied the customers’ requirement, it often did not provide them with the protection they sought. In fact, the types of claims routinely excluded in those policies, such as claims resulting from the intentional acts of employees or claims resulting violation of federal regulations, were the areas MOST likely to cause a claim in the first place.
Of course, the customer is also at greater risk as a result because their service provider would not be able to effectively cover their liability.
NAID was the first to bring this issue to light. As a result, some insurers modified their language to fix this problem. Had NAID not made it an issue, there would likely have been no action taken. Of course, most insurance companies did nothing and still sell inferior or inadequate professional liability insurance to data-related service providers.
The problem is then, and is today, insurance companies often miss the subtleties of providing coverage to data-related providers. Even today, the language related to “data breach notification” coverage and, what is known as “cybercoverage,” have critical flaws.
We have little doubt that the insurance industry will follow Downstream Data Coverage’s lead. They will have no choice.
It took an organization that understood the regulations, and that put the service provider’s interests and their customer’s interests first to find and address the issues. The kind of organization that service providers and their clients need to be “watching their back.”