CHICAGO — An uptick in charges filed by the U.S. Equal Employment Opportunity Commission and data and privacy issues present significant risks for law firms and other professional firms.
They were the topics at the Professional Liability Underwriting Society's 2013 Professional Risk and Medical Professional Liability Symposia.
As companies and organizations in 2008 saw heightened EEOC activity affecting employment practices liability claims, many blamed the poor economy, said Edward T. McNally, national employment practices liability practice leader at CNA Financial Corp.'s commercial and financial institutions practice in Overland Park, Kan.
“But that's not the case,” he said. “The primary drivers are new legislation and new cases.”
The Americans with Disabilities Act, as amended by the ADA Amendments Act of 2008, strengthened the EEOC's ability to pursue potential violations, Mr. McNally said.
While many employers had to cut their staff during the weak economy, that often spurs more employees to raise grievances, said Gregory C. Draddy, New York-based vice president of the large commercial group at Arch Insurance Group Inc.
“Unhappy employees sue,” Mr. Draddy said. “The new legislation just gives them more avenues to have their voice heard.”
The employment practices liability marketplace is “definitely” hardening as “underwriters are getting back to underwriting,” said Thomas A. Ciano, senior vice president and regional management and professional services practice leader for USI Insurance Services L.L.C. in Woburn, Mass.
“We're seeing the (EPL) marketplace increasing retentions, tightening underwriting, and looking for more information,” he said, noting that he's seen rate increases of 25% to 30%.
Once the EEOC has filed a charge, companies and organizations need to report the claim immediately to their EPL insurers, the panelists said.
“It's the most consistent (reason for) denial of a claim that I have seen,” said Kari Pitts, Dallas-based vice president of CRC Insurance Services Inc., during the session. “Report, report, report,” she said.
Also at the April 8-10 conference held at the Hyatt Regency Chicago, speakers said cyber breaches are a particular risk for law firms, accounting firms and other such companies. They are at risk of privacy breaches as they often house many sensitive records and lack the security available to larger financial institutions such as banks, panelists said.
According to a recent Ponemon Institute L.L.C. study, the average cost per record in a data breach was $194, said Kari A. Timm, a partner at Walker Wilcox Matousek L.L.P. in Chicago.
The average data breach involves about 28,000 records and costs an organization $5.5 million, Ms. Timm said.
Law firm records are “definitely a target,” said Regan E. Miller, associate director at insurance broker John L. Wortham & Son L.P. in Houston. “The amount of information and how accessible it could be provides a rich potential for hackers.”
Ms. Timm said there's a slow uptake on cyber liability insurance as some professional firms do not consider themselves a target for hackers and breaches.
For professional firms to manage the risk, start with a comprehensive policy for employees that centers around training, said Jeremy Henley, insurance solutions executive at ID Experts Corp. in San Diego.
As a result of a breach, professional firms should exercise their response plans, which should be crafted well in advance and define specific actions should there be a data breach regardless of its size, Mr. Henley said.
“Assume it's going to happen” and try to “limit the size and severity” of the breach, Mr. Henley said.
About 690 people attended the conference. Next year's conference is scheduled for April 23-25, 2014, at the Marriott Marquis in Atlanta.
For more information, visit plusweb.org.