PRIVACY LEGISLATION – AM I COVERED??

Written by: Darren Loades


Managing Director of Insurance Advisement Australia

Recent changes to the Privacy Legislation in Australia have prompted quite a lot of enquiries from my clients in regards to where they stand on this matter, from a Professional Indemnity Insurance perspective?


Now, essentially Professional Indemnity (PI) Insurance covers you for claims made against you whereby there has been an alleged negligent and/or wrongful act on your behalf in the performance of your professional duties, however the good policies on the market go a fair bit further than that, and your new obligations under the amended Privacy Act are a very good example of this.


If you are unfortunately brought into a “dispute” and/or “investigation” involving your responsibilities under the new Privacy Legislation there are several sections of cover in your Professional Indemnity policy that could and should respond.


The first of these is Legal Representation Expenses and even the most ordinary of policies on the market should include this. It essentially provides cover for initial defense costs to represent your interests at any formal investigation carried out by the Office of the Australian Information Commissioner. It is important  that you are aware you have access to this cover and to not go into any investigation of this nature without proper advice/representation, so as to avoid not only prejudicing your own position, but also that of your insurer, which could have disastrous ramifications for you.


Subsequent to the initial investigation, if things do not go your way and you are ultimately slapped with a fine and/or penalty, providing your policy includes a Statutory Liability extension you could even claim this cost under your policy as well. I should stress though that most PI policies on the market do not include this cover whereas the one we provide (i.e. FINANCE BROKERS PI PLUS) automatically does, up to $100,000 any one incident/ claim. You should therefore check with your broker/insurer to see what, if any, cover your current policy provides in this era.


Of course, it need not be a Government Body holding you to account in this area, it may well be your client, a trading partner/referrer or even a lender. In these instances, these parties of course have the right to seek compensation, through civil actions, if they believe their personal information and/or rights under the Privacy Legislation have been breached.


Now, most PI policies on the market SHOULD respond to this scenario BUT PI Policy wordings are complicated beasts (probably the most complicated you can get actually!) and they do hinge on what the definition is of “Insured Professional Services” and what constitutes a negligent and/or wrongful act and thereby triggers the policy into action.


So, you could have a situation whereby the insurer takes the position that the alleged breach of the Privacy Legislation DIDN’T actually result from any “negligent and / or wrongful act” by you in the course of conducting your “professional services” and as such the policy is NOT triggered and you are therefore left to fund your own defense, and of course pay out of your own pocket any award settlement handed down against you!

 
It is far better than that you have a policy that specifically states that it does extend to include cover for alleged breaches of privacy, which ours of course does, so again you should check to ensure your policy clearly does as well!


As a side note to all this, in response to the growing risk exposures now being faced in regards to the electronic storage of information, several insurers have recently released “cyber-attack” style policies which cover you for loss in the event your system has been hacked and the information contained therein subsequently compromised. This type of cover “dovetails” nicely with a PI policy in that it immediately provides you with specialist services to firstly get your system up and running again and then also restrict and / or retrieve any lost information. This, I believe, is a vital addition to your business continuity protection program which could not only save you lost income / downtime but also help “nip in the bud” any potential PI claim you may face from a client, should their confidential information be hacked from your system!

          
Because of this “dovetail” type relationship with your PI policy we have just recently upgraded our product to give you the option of including this cover as an extension of the policy – premiums start from a very low $100 (plus gov’t charges) for a $50,000 cover which is an extremely convenient and cheap way of purchasing this important cover.


So in closing, yes there is no doubt that the new Privacy Legislation changes do impose further responsibilities on you in the course of conducting your business, but there is insurance protection available should you inadvertently stumble in this area – you just need to take the time to ensure you are getting the right advice and cover!