Posted on 13 Sep 2012 by Neilson
ACE USA, the U.S.-based retail operations of the ACE Group, today announced the introduction of the Law Firm Privacy Protection endorsement by its Professional Risk Division. This endorsement is designed to complement ACE’s already expansive Privacy Protection policy in conjunction with supplementing a law firm’s traditional legal malpractice program.
Most professional liability policies respond to third-party privacy claims. However, they do not typically indemnify law firms for the first-party costs associated with a data breach. First-party coverage is imperative as these costs rise, the number of data breaches increases, and notification requirements imposed by state and Federal regulators become more comprehensive. ACE’s Privacy Protection policy provides this vital first-party coverage. With the addition of the Law Firm Privacy Protection endorsement, ACE offers a clear response to a claim that is presented in combination with a legal malpractice policy.
“Law firms face significant liability when confidential client or proprietary information is lost or compromised through targeted attacks by third parties,” said Toby Merrill, Vice President, ACE Professional Risk. “Given the recent modifications to Section 105A of the ABA Model Rules of Professional Conduct, which focuses on extending a lawyer’s obligations of confidentiality to electronic records and communications including the use of reasonable efforts to safeguard against unauthorized access, ACE provides a clear solution by tailoring this privacy coverage to supplement a law firm’s legal malpractice policy.”
ACE helps firms mitigate the financial and reputational risks associated with privacy breaches, covering first-party expenses and providing access to a suite of data breach specialists and other important benefits.
These benefits include:
- Access to the Data Breach Team, an independent panel of specialists in the legal, computer forensic, notification, call center, public relations, fraud consultation, credit monitoring, and identity restoration service areas
- Free access to the eRisk Hub®, a web-based loss prevention resource containing information and technical resources to help policyholders manage their privacy and network risk
- Coverage for breaches of confidential corporate, consumer, and employee information
- Coverage for Wrongful Acts of Insured and its service providers
- Coverage for regulatory fines and penalties
In addition, the Law Firm Privacy Protection endorsement tailors the ACE Privacy Protection policy to address the specific exposures of a law firm. These include:
- No professional services exclusion
- Coverage written on a duty to pay versus duty to defend basis to align with many legal malpractice policies
- Amending the Other Insurance clause to follow excess over a law firm’s legal malpractice policy in order to provide a difference in conditions approach
When combined with the Law Firm Privacy Protection endorsement, ACE’s Privacy Protection policy bridges the gap between risk transfer and purchased loss control, creating a comprehensive risk management program for privacy, data breach, and network security risk.
ACE Professional Risk, a division of ACE USA, is staffed by a specialized team of innovative underwriters and provides management liability and professional liability products throughout the U.S. For more information about ACE Professional Risk and its range of products and services, please contact Michael Tanenbaum at firstname.lastname@example.org or call (201) 479-6336, or visit our website.
Product highlights are summaries only; please see the actual policy for terms and conditions. Products may not be available in all locations and remain subject to ACE Professional Risk’s underwriting criteria. ACE USA shall not be a party to any agreement entered into between any Data Breach Team service provider and an ACE policyholder. It is understood that Data Breach Team service providers are independent contractors and are not agents of ACE USA. ACE USA assumes no liability arising out of any services rendered by a Data Breach Team service provider.