Across Canada, many consultants regularly do good, hard work for their clients and rarely encounter hiccups. However, when those problems do occur, they can create major issues for client and consultant alike, and they may be something for which the latter is held liable. And that can happen despite any and all efforts to follow standard best practices for the industries in which they’re working. As a consequence, it’s vital for these professionals to have the right kinds of errors and omission or general liability insurance.
One recent case recently ended in a six-figure settlement between a health care provider in Edmonton and thousands of people whose personal information was exposed in a data breach, according to a report from the Edmonton Journal. In all, the settlement will cost the companies and people against whom the suit was brought – Medicentres Canada Inc., AbleIT Inc. and third parties – some $725,000, though the original suit sought $11 million.
“We’re hoping that this sends a message out there to corporate Canada that they have got to be more careful when they’re dealing with personal records,” Clint Docken, of the law firm that brought the class action, told the newspaper.
Back in September 2013, a laptop containing names, birth dates, Alberta Health Care numbers and Alberta Health diagnostic codes for some 620,000 people who visited a Medicentre clinic in either Edmonton or Calgary over a period of nearly two and a half years was stolen from an Edmonton facility, the report said. This information was stored, unencrypted, on the computer of an IT consultant.
The suit named a number of different types of potential claimants, the report said. They included some who suffered mental distress as a result of the theft and had to get health care treatments for it, others worried about being the subject of identity theft, and those who could actually prove their identities were stolen.
While the settlement was reached, it has yet to be finalized, the report said. A hearing will take place in July to determine whether the agreement is fair to all claimants.
What’s the takeaway?
Certainly, the consultant in this case did not mean for his or her laptop to be stolen, but the fact is that it was. Consequently, the resulting settlement can in some ways be seen as an object lesson in why it’s so important to properly protect sensitive data and follow industry standard best practices (such as encrypting all sensitive data) when dealing with any number of issues that might come across a consultant’s desk.
But even when best practices are followed, things can still go awry, and liability can come down on consultants. For this reason, having the right types of insurance coverage to protect them from the financial fallout of these potential problems can be extremely beneficial, and shield them from potentially massive liability costs that could otherwise do extensive damage to their companies.
“An organization looking to hire a consultant to do work on its behalf has to be aware that it can be held liable for actions of those consultants,” states Kent Pitkin, National Director Commercial Lines at APRIL Canada. “This can extend to the peril of cyber insurance if the job the consultant has been hired to do relates to private data. Being aware of this exposure and purchasing the appropriate cyber policy to cover this exposure is very important. Personal data exposure is a growing risk, and organizations need to bear this in mind when looking at their overall exposure.”