Monday, April 30, 2012
IBC encourages Ontario to act with urgency on auto insurance file
The Insurance Bureau of Canada (IBC) is keeping a watchful eye on the impact of Ontario’s 2010 auto insurance reforms and ongoing related initiatives, urging the provincial government to act quickly on its commitments to amend the catastrophic impairment definition and Minor Injury Guideline.
Ontario committed to a new definition of a catastrophic impairment in its 2012 budget, and the Financial Services Commission of Ontario (FSCO) is currently working on this. FSCO says it also expects to have completed a new, evidence-based Minor Injury Treatment Protocol in two years.
In the meantime, FSCO is working on a range of other initiatives related to the auto insurance reforms, including measures to prevent auto insurance fraud.
All of these initiatives are key features of the auto insurance reforms that Ontario implemented in 2010, but the urgency to move the file along has not abated.
“Without urgency in reform delivery, and specifically in the definition of catastrophic impairment, the danger exists that reforms will not achieve government’s goals, the industry’s goals or, most importantly, meet the needs of consumers over the long-term,” IBC president and CEO Don Forgeron said in an address to the bureau’s annual general meeting in Toronto on Apr. 25.
Forgeron noted that while the industry waits for these items to be addressed, other auto insurance issues remain or are emerging on the IBC’s radar that may threaten the affordability of auto insurance in Ontario.
There are still some health care clinics and providers who regularly exact exorbitant payments for physical assessments of injuries,” he said. “This predatory practice adds far too much unnecessary cost to the system,” he said
“Also, bodily injury claims have been on the rise, with the loss ratio rising by more than 23 percentage points since the end of 2009.
“IBC has put forward solutions to these problems. We urge government to implement them.”
Ontario committee to hold public hearings on auto insurance
A committee of the Ontario legislature has voted to conduct a “fair and balanced study” into auto insurance industry practices and trends.
The Standing Committee on General Government passed a motion on Apr. 16 to strike the select committee, which will hold public hearings and propose recommendations to the minority government. The motion was presented by NDP MPP Rosario Marchese and passed despite objections by Liberal MPP Donna Cansfield.
The mandate of the committee is wide-ranging, but will include an examination of:
• the profitability of the property and casualty industry, with an emphasis on auto insurance underwriting in Ontario;
• the adequacy of medical-rehabilitations treatment per the capped minor injury guideline;
• the current definition of “catastrophic injury;”
• the auto insurance dispute resolution system;
• the impact of fraud in the insurance industry and on insurance rates; and
• risk assessment factors of drivers and corresponding rates assigned to particular drivers.
“We’re basically saying to the government that it needs to take steps to find out why claim costs are ballooning and to get a handle on the spiraling cost of injury claims that are driving up auto premiums and hurting household budgets, especially in some areas like the GTA and others,” Marchese said to the Standing Committee on Apr. 16.
He cited a report from the Alliance of Community Medical and Rehabilitation Providers, which says 42% of treatment requests are now being rejected by insurers. In addition, in about 50% of the cases in which an independent examination has been ordered, it’s now taking longer than 30 days for the report to be produced, according to Marchese.
“Something is happening; I’d like to know what it is,” he said.
IBC has said in the past that the results of the Alliance survey should be read in the context of the province’s efforts to curb the number of fraudulent insurance claims.
Marchese, who represents the Trinity-Spadina riding in Toronto, also indicated the committee will examine “the relationship between insurance underwriters and their sales representatives and/or the role independent brokers of insurance play in the industry. This would include an in-depth look at the extent to which brokers that portray themselves as independent of insurers really are independent.”
Ontario’s Standing Committee on General Government is a three-party committee composed
Industry reacts to Ontario auto insurance study
Another review of problems plaguing Ontario’s auto insurance sector will likely duplicate ongoing government-sponsored initiatives, according to Insurance Bureau of Canada (IBC).
IBC was responding to the recent announcement of a study by the Ontario Standing Committee on General Government into auto insurance industry practices and trends.
“IBC believes that most, if not all, of the issues being referred to the committee are already being dealt with by the government elsewhere,” says Ralph Palumbo, IBC vice president of Ontario.
In particular, he cites the anti-fraud task force formed by the McGuinty government and the expert panel examining an appropriate definition of catastrophic impairment.
“For example, the CAT issue was the subject of lengthy and rigorous review by an expert panel of health care providers,” Palumbo says. “All stakeholders were provided with the opportunity to make submissions, both in writing and before the panel itself. There is no need for another review.”
Other groups welcomed the news of a government-led auto insurance study, especially related to catastrophic impairment.
“We are optimistic that the formation of this committee will at least forestall any changes to CAT and will certainly provide an opportunity for our organization to engage in a meaningful dialogue relating to what we see as fundamental flaws in the current auto insurance system,” states Paul Harte, president of the Ontario Trial Lawyers Association in a notice to members.
It appears that committee intends to conduct a rare, far-reaching inquiry into insurance industry practices,” Harte adds. “This takes the business of insurance from the policy backrooms of FSCO and the Ministry of Finance to center stage at the legislature.”
Rick Orr, president of the Insurance Brokers Association of Ontario (IBAO), observed the actions of the standing committee appear to duplicate current ongoing efforts within the industry and government in areas such as auto reform review and fraud.
However, the association is interested in the examination of intermediary independence, according to Orr.
“We are pleased that they are looking at all intermediaries, not just brokers,” Orr said. “IBAO has a longstanding position against the ownership and control of brokers by insurers. I expect our discussions with the committee will . . . focus on issues such as strengthened transparency and disclosure.”
Both IBC and IBAO representatives indicated they would participate in the standing committee’s review process
Friday, April 13, 2012
Everyday carelessness with work data a major source of data breach liability
‘Hacktivists’ randomly exposing millions of dollars worth of personal and corporate information may grab media headlines, but more common — and equally disturbing — forms of data breaches relate to everyday carelessness with non-encrypted work data, according to a panel of experts discussing the topic on Apr. 11.
The Chartis-sponsored event, Data Breaches, Coming to a Network Near You, was held in Toronto on Apr. 11. Panelists at the event said companies need to do a better job of creating a “climate of security” regarding the everyday handling of sensitive work information that includes employee and client records.
This means more than making sure IT people plug any holes in the company’s software, observed Jason Straight, managing director of risk consulting company Kroll Inc. “There’s a patch for software, but there’s no patch for stupid.”
In his presentation, Straight observed that companies are still too casual about dealing with their sensitive information, unnecessarily exposing them to potential data breaches.
“I cannot tell you the sheer volume of the cases that we have of laptops that have been left at a supermarket parking lot,” he said. “We had one guy, he worked for the IT department of a major company, he left a laptop in his car when he went into the supermarket. It was stolen. And of course the data was not encrypted.
“You’d be amazed how many times that situation plays out.”
In addition, company employees and IT people can often be lax about passwords at work, caught in that grey area between securing information and simply trying to get their work done quickly.
“People make mistakes,” said Straight. “Sometimes it’s out of frustration of having to remember several passwords, so they just use the word ‘Password.’ Or they don’t change default passwords. I could speak for an hour about password data, but it is a huge issue and we see it again and again and again.”
Also, a weak economy has led to disgruntled employees. This may lead the employees to loot company data for the purposes of vengeance, sabotage or extortion.
Andrea Laing, partner at Osler Hoskin and Harcourt LLP, said encrypting data is crucial.
She noted the federal government introduced amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) in 2011 that would require companies to disclose a "material breach of security safeguards.”
Part of the notification test is whether “it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.”
If data stolen from the company is encrypted, it will be a lot more difficult to prove that it might “harm” someone if stolen, said Laing. “Sometimes it might be unclear as to whether the information could be used in a harmful way, but I would say that whether or not the data has been encrypted is a very, very important consideration.”
Several panelists suggested the urgent need for companies to establish policies about the proper and improper use of data. These policies can be used in court to establish that an employee stealing company information acted as a “rogue,” and clearly contrary to company policy. This can help to mitigate a company’s exposure to liability in the event of a data breach.
The Chartis-sponsored event, Data Breaches, Coming to a Network Near You, was held in Toronto on Apr. 11. Panelists at the event said companies need to do a better job of creating a “climate of security” regarding the everyday handling of sensitive work information that includes employee and client records.
This means more than making sure IT people plug any holes in the company’s software, observed Jason Straight, managing director of risk consulting company Kroll Inc. “There’s a patch for software, but there’s no patch for stupid.”
In his presentation, Straight observed that companies are still too casual about dealing with their sensitive information, unnecessarily exposing them to potential data breaches.
“I cannot tell you the sheer volume of the cases that we have of laptops that have been left at a supermarket parking lot,” he said. “We had one guy, he worked for the IT department of a major company, he left a laptop in his car when he went into the supermarket. It was stolen. And of course the data was not encrypted.
“You’d be amazed how many times that situation plays out.”
In addition, company employees and IT people can often be lax about passwords at work, caught in that grey area between securing information and simply trying to get their work done quickly.
“People make mistakes,” said Straight. “Sometimes it’s out of frustration of having to remember several passwords, so they just use the word ‘Password.’ Or they don’t change default passwords. I could speak for an hour about password data, but it is a huge issue and we see it again and again and again.”
Also, a weak economy has led to disgruntled employees. This may lead the employees to loot company data for the purposes of vengeance, sabotage or extortion.
Andrea Laing, partner at Osler Hoskin and Harcourt LLP, said encrypting data is crucial.
She noted the federal government introduced amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) in 2011 that would require companies to disclose a "material breach of security safeguards.”
Part of the notification test is whether “it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.”
If data stolen from the company is encrypted, it will be a lot more difficult to prove that it might “harm” someone if stolen, said Laing. “Sometimes it might be unclear as to whether the information could be used in a harmful way, but I would say that whether or not the data has been encrypted is a very, very important consideration.”
Several panelists suggested the urgent need for companies to establish policies about the proper and improper use of data. These policies can be used in court to establish that an employee stealing company information acted as a “rogue,” and clearly contrary to company policy. This can help to mitigate a company’s exposure to liability in the event of a data breach.
Customer retention is key for North American insurers: Gartner
The top priority for information technology leaders at insurance companies is keeping the clients they have, Gartner Inc. said in a recent report.
In a survey of IT professionals from five Canadian and 57 U.S. property and casualty insurers, 81% of respondents cited client retention as their Number 1 priority for technology investments.
“Insurers have increasingly been looking to customer retention as a means to preserve revenue and avoid customer churn,” said Kimberly Harris-Ferrante, vice president and distinguished analyst at Gartner. “Protecting the customer base through improved customer service is key for P&C insurers, as well as helping to avoid negative brand images as consumers continue to use social media channels to share complaints and opinions about insurance companies in a public forum.”
The next top-rated priority is to promote relationships with brokers and agents, followed closely by the need to move from legacy assets to more modern claims and policy management solutions, according to Gartner.
In a survey of IT professionals from five Canadian and 57 U.S. property and casualty insurers, 81% of respondents cited client retention as their Number 1 priority for technology investments.
“Insurers have increasingly been looking to customer retention as a means to preserve revenue and avoid customer churn,” said Kimberly Harris-Ferrante, vice president and distinguished analyst at Gartner. “Protecting the customer base through improved customer service is key for P&C insurers, as well as helping to avoid negative brand images as consumers continue to use social media channels to share complaints and opinions about insurance companies in a public forum.”
The next top-rated priority is to promote relationships with brokers and agents, followed closely by the need to move from legacy assets to more modern claims and policy management solutions, according to Gartner.
Denial-of-service attacks surge in 2012
A wave of distributed denial-of-service attacks plagued financial services companies during the first quarter of this year, according to a report from Prolexic Technologies Inc.
A distributed denial-of-service attack is one in which several compromised systems attack a single target, causing denial of service for legitimate users. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service.
The Florida-based company said its client data showed a 25% increase in the number of attacks in the first three months of 2012 compared to the same period last year. The largest number of attacks originated from China, followed by the United States and Russia.
“The considerable increase in attack intensity indicates that attackers are evolving their strategies, increasing their firepower and focusing on specific targets such as financial services,” the report noted.
It also stated shorter average duration of attacks showed hackers are using “shorter, stronger bursts of traffic to conduct” denial-of-service campaigns.
A distributed denial-of-service attack is one in which several compromised systems attack a single target, causing denial of service for legitimate users. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service.
The Florida-based company said its client data showed a 25% increase in the number of attacks in the first three months of 2012 compared to the same period last year. The largest number of attacks originated from China, followed by the United States and Russia.
“The considerable increase in attack intensity indicates that attackers are evolving their strategies, increasing their firepower and focusing on specific targets such as financial services,” the report noted.
It also stated shorter average duration of attacks showed hackers are using “shorter, stronger bursts of traffic to conduct” denial-of-service campaigns.
Ontario court ruling that establishes a civil action for privacy breaches is a "game-changer" for defence counsel: lawyer
The Ontario Court of Appeal’s decision in Jones v. Tsige, which found a right to a civil action for breach of privacy, may be a “game-changer” for insurance defence counsel.
“We have this [data breach] case out there, and it may well change the landscape,” Andrea Laing, a partner of Osler Hoskin and Harcourt LLP, told a Chartis-sponsored event in Toronto on Apr. 11. “We should pay attention to it.”
In Jones, Sandra Jones, a customer and employee of the Bank of Montreal, became aware that another bank employee, Winnie Tsige, had snooped in Jones’ personal financial records at the bank 174 times over a period of four years. Jones was the former spouse of an individual with whom Tsige was involved in a relationship.
Jones and Tsige apparently did not know each other but Tsige took advantage of her employment at the bank to snoop in Jones’ banking records.
In its ruling on the matter, the Ontario Court of Appeal found there is a cause of action in tort for invasion of privacy. The court says an element of the civil action would include, among others things: “a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. However, proof of harm to a recognized economic interest is not an element of the cause of action.”
Laing said these boundaries of the new tort remain somewhat vague. They may be better defined in the future through more civil actions related to data breaches. But defence counsel are particularly worried about the suggestion that the absence of a proven economic harm, the reason why many actions have failed before, may no longer be an avenue for dismissing an action.
“One of the problems we have with a test that doesn’t really create a bright line [is that] it is going to be very difficult to get future cases to be struck at a preliminary stage,” Laing said. “Indeed, in some cases, it may be necessary to take it all the way to trial just to demonstrate [the case doesn’t meet the test]. Obviously, this raises the costs of settlement. It raises defence costs.”
“We have this [data breach] case out there, and it may well change the landscape,” Andrea Laing, a partner of Osler Hoskin and Harcourt LLP, told a Chartis-sponsored event in Toronto on Apr. 11. “We should pay attention to it.”
In Jones, Sandra Jones, a customer and employee of the Bank of Montreal, became aware that another bank employee, Winnie Tsige, had snooped in Jones’ personal financial records at the bank 174 times over a period of four years. Jones was the former spouse of an individual with whom Tsige was involved in a relationship.
Jones and Tsige apparently did not know each other but Tsige took advantage of her employment at the bank to snoop in Jones’ banking records.
In its ruling on the matter, the Ontario Court of Appeal found there is a cause of action in tort for invasion of privacy. The court says an element of the civil action would include, among others things: “a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. However, proof of harm to a recognized economic interest is not an element of the cause of action.”
Laing said these boundaries of the new tort remain somewhat vague. They may be better defined in the future through more civil actions related to data breaches. But defence counsel are particularly worried about the suggestion that the absence of a proven economic harm, the reason why many actions have failed before, may no longer be an avenue for dismissing an action.
“One of the problems we have with a test that doesn’t really create a bright line [is that] it is going to be very difficult to get future cases to be struck at a preliminary stage,” Laing said. “Indeed, in some cases, it may be necessary to take it all the way to trial just to demonstrate [the case doesn’t meet the test]. Obviously, this raises the costs of settlement. It raises defence costs.”
Subscribe to:
Posts (Atom)