Most commercial contracts address insurance coverage requirements in a standard boilerplate provision. While sufficient for some transactions, deals involving greater risk often require a more customized approach. For example, when contracting with a vendor for the provision of marketing services or for use of marketing tools or technology, the vendor will most likely require access to proprietary information about your customers or prospects. And if this information includes any “personal data,” as such term is defined under various consumer data protection laws, the level of risk will be much greater, and therefore, will require enhanced protections within the contract, including potentially increased insurance coverage.

Understanding the Risks

Personal data, including names, addresses, phone numbers, and email addresses, is sensitive information. In the wrong hands, it can lead to identity theft, fraud, and significant reputational damage for the affected individuals and the businesses responsible for safeguarding their data.

Marketing vendors often collect, process, and store personal data as part of their campaigns. Whether it's for email marketing, targeted advertising, or customer relationship management, any mishandling of this data can result in severe consequences, including regulatory fines, legal liabilities, and loss of customer trust.

Role of Insurance Coverage

Given the potential risks associated with personal data handling, businesses must ensure that their marketing vendors have adequate insurance coverage, in both types and amounts. Here's why:

  1. Financial Protection: In the event of a data breach or privacy violation, insurance coverage can help mitigate the financial impact on both the client and the vendor. This includes covering legal fees, settlement costs, and any regulatory fines imposed for non-compliance.
  2. Reputational Management: A data breach can severely damage a company's reputation and erode consumer trust. Having insurance coverage in place demonstrates a commitment to addressing and rectifying any data security incidents promptly, which can help preserve the client's reputation.
  3. Compliance Requirements: Many industries have stringent regulations governing the handling of personal data, such as the General Data Protection Regulation (GDPR) in the European Union and, in the United States, the California Consumer Privacy Act (CCPA) and many other state laws. Insurance coverage that includes compliance with these regulations ensures that both the client and the vendor meet their legal obligations.

Key Coverage Elements

Specific types of insurance are crucial for addressing the risks associated with personal data handling:

  • General Liability: This is the most standard, basic insurance policy.
  • Umbrella Policy: Provides additional coverage beyond the limits of other policies.
  • Professional Errors and Omissions (E&O): Protects against claims of professional negligence or failure to perform professional duties.
  • Cyber Liability Insurance: Specifically covers losses resulting from data breaches and cyberattacks.

Finally, the appropriate coverage amount for each type of insurance will vary based on many factors, including the nature and scope of the transactions, the size and reliability of the vendor, and the volume and sensitivity level of any personal data being shared.

Contract Language

In addition to ensuring that specific types and amounts of coverage are included, it is also important to carefully review all contractual language relating to insurance, particularly as it relates to the following key terms:

  1. Additional Insured Language: This ensures that the customer is included as an additional insured party under the vendor's insurance policy. In the event of a claim, the customer can directly access the vendor's coverage without delays or disputes. Ideally, the customer's affiliates and subsidiaries and its officers, directors, employees, and agents will also be included.
  2. Waiver of Subrogation: A waiver of subrogation prevents the insurance company from seeking reimbursement or collecting losses from a third party (or even one of the parties) that may have caused or partially contributed to the loss or damage after the vendor's insurance company has satisfied the claim with the customer. The inclusion of this provision typically enables the customer to collect the insurance proceeds faster without the need for a drawn-out investigation or costly litigation to help determine who was at fault. The drawback to this waiver is increased cost, since the insurance company is effectively taking on more risk.
  3. Primary and Non-Contributory Clause: These clauses stipulate that the vendor's insurance coverage is primary, meaning it pays first, and that it will not seek contribution from any other insurance policies held by the customer. In other words, the vendor's insurance pays for the entire loss arising from any incidents, and the customer's insurance company is not responsible for sharing in the loss.

Conclusion

In this era of digital commerce, data privacy and security concerns have become paramount, requiring businesses to prioritize the protection of their customers' personal data when entering into agreements with marketing vendors. Adequate insurance coverage, with specific provisions such as additional insured language, waiver of subrogation, and non-contributory clauses, is essential for safeguarding against potential risks and liabilities. By ensuring that their marketing vendors have the correct insurance coverage in place, businesses can minimize exposure to financial losses, legal liabilities, and reputational damage resulting from data breaches and privacy violations.
