What Is Third-Party Liability?
Third-party liability is the responsibility you have for your clients' data. If one of your clients suffers a data breach, doesn't have insurance, and wants to recover some of their losses, they can sue you – and depending on the circumstances, you might be found partially liable for the breach.
Here's the kicker, though: even if you're not found liable for causing a data breach, you may still be responsible for paying legal expenses (including lawyers' bills) if and when a customer sues you.
The good news? You can insure yourself against the costs associated with third-party cyber liability. In fact, you may already have insurance protection for these risks. Most Errors and Omissions Insurance policies for IT firms include basic third-party Cyber Liability coverage. So if you already have an E and O policy, you likely have protection for any third-party liability your work exposes you to.
So what kinds of events might cause you to be liable for a client's data breach? The following are examples:
- Failure to anticipate or prevent the transmission of a virus to a third party. (E.g., a security gap in your software lets a virus onto your client's machine and it spreads to all your client's email contacts.)
- The misuse, disclosure, or theft of confidential information stored on a network. This is your classic data breach: one or more of the systems you set up allows a hacker to access and/or expose your clients' customers' information.
- Infringement of the right to privacy. This could involve an event in which a system you built fails to keep confidential information (e.g., medical records) properly secure.
How to Educate Your Clients to Reduce Your Risk Exposures
These client education strategies can help you prevent data breaches and the lawsuits they can trigger.
Make sure your clients…
- Create strong passwords and update them regularly.
- Invest in antivirus software for all computers and mobile devices.
- Update software and operating systems with the latest security patches.
- Limit access to sensitive data (i.e., don't give everyone access to everything).
- Log out of machines when not using them.
- Invest in first-party Cyber Liability Insurance to manage the costs of any data breaches that happen.
Make sure you…
- Create a glossary or definitions page. If you've noticed that a lot of your clients have questions about certain phrases or concepts you frequently encounter in your work, create a brief glossary document you can hand out to new clients. This will help clarify key concepts from the beginning and prevent the kind of misunderstandings that can lead to lawsuits.
- Ask questions at the beginning of a contract. Before beginning a project, be sure you're clear about what your client expects from you and about what you can reasonably deliver. Particularly when you're working with someone who's not especially tech-savvy, it's difficult to over-communicate the expected parameters of a project.
- Talk through expected outcomes in detail. Many non-technical clients understand outcomes better than the components or processes that yield those outcomes. Be sure to take the time to get on the same page about what the final product will look like to prevent misunderstandings after hours of work.