Author: Richard Lund

Recently SwissRe was asked about using thumb drives to deliver policies to the insured rather than the traditional paper copies. Following is the information given.

Q. Is there an E&O issue if we send thumb drives to our clients containing their policies rather than the paper policies? Is there anything we need to do specifically with this type of policy deliver method?

A. A question specifically related to the use of thumb drives has never been presented to us, although the issue of electronic policy delivery has been addressed previously by the IIABA, the IIABA Agents Council for Technology (ACT) and us (SwissRe). Because electronic delivery has been a topic of discussion, we consulted with several individuals to try to analyze the issues that might be presented with delivering policies via a thumb drive.

What initially seems like a simple question actually has many facets that must be considered when utilizing this method of policy delivery. While computers have certainly made the insurance business easier, it does require that proper precautions be taken.

The initial question appears to indicate that the agency is currently delivering paper policies, so that belief was the basis of our review.

Whenever a policy is delivered, regardless of the method, there is a potential opportunity for an E&O exposure. In 2013, ACT developed "Best Practices Recommendations for Delivery of Insurance Policies to Agents & Insureds" identifying potential exposures and the steps necessary to avoid them. While it is more directed toward electronic delivery, it addresses many issues regardless of the method of delivery. Here is the link to that report:

• Best Practices Recommendations for Delivery of Insurance Policies to Agents and Insureds
  

• Confirm and document with the recipient before the thumb drive is sent that they are willing to accept their policies and documentation in this manner.
  
• Ensure that you comply with state regulation regarding policy delivery.
  
• All thumb drives should be secured using a password and username.
  
• All thumb drives should utilize two-step verification.
  
• All thumb drives should have proper encryption to ensure that the data is only accessible by the parties with whom it is intended.
  
• All thumb drives should be obtained from a reliable source and clear of any embedded third party software.
  
• All thumb drives should be scanned with anti-virus software both before the data is added and after to ensure that no virus, malware or any other electronic issues arise when the recipient accesses the information.
  
• All documents should be in a .pdf or other non-alterable format.
  
• Proof of delivery to the proper party must be confirmed either electronically or using some mail method of confirmation including but not limited to return mail receipts.
  
• Confirm and document with the recipient that they have in fact received the documents. This can be done electronically either (email) or regular mail.
  
• Review you cyber liability and data privacy policy to determine if there is coverage for damages caused to third parties due to the use of the thumb drives.
  
• Review this Wikipedia link regarding "USB Flash Drive Security" for additional information.
  
• Consider the question of costs associated with taking proper security measures in addition to the cost of the thumb drive.
  

While we identified the above as some potential E&O exposure, and we believe this is a good list, there could be other exposures of which we are not aware.

An alternative to using a thumb drive is to consider delivery either via email or creating a web portal on the agency website. Both methods also require that the agency utilize security measures to ensure that the parties receive the documents to whom they are intended, including but not limited to:

• End to end encryption.
  
• Anti-virus and anti-malware protection.
  
• Username and password.
  
• Two-step verification.
  
• Many of the recommendations for thumb drives may also be applicable.
  

Utilizing these methods may be less expensive and provide greater security than sending thumb drives.

As I mentioned earlier, electronic delivery of policies is not a new issue, so I did a search on the IIABA website for "Electronic Delivery of Policies" resulting in 56 hits. Here is the link to that search:

• Electronic delivery of policy search
  

I am highlighting two among the many that I believe are good sources that address the subject:

• Electronic Policy Delivery – A Game Changer
  
• Maintaining Policies Locally in Today's Agency and Emailing Policies to Clients
  

We hope this provides sufficient guidance.

Last Updated: October 27, 2017