Answering the risk questions is the least fun part of setting up your policy. The questions are compiled by underwriters and can cause a bit of confusion. Let’s take a look at the professional indemnity risk questions and why the insurer is asking them.
Each professional activity has its own set of risk questions. We ask these questions to confirm you’re doing what you can to minimise the common risks your profession faces. Answering ‘false’ to a question doesn’t mean we can’t arrange your insurance, but we’d want to know what processes you have in place to mitigate that particular risk.
Web design
There are two risk questions for the web design activity.
Please confirm:
- You do not collect personally identifiable information
- You do not offer payment processing services
Personally identifiable information
The insurer provides a definition of what ‘personally identifiable information’ (PII) means in the policy wording.
Personally identifiable information means:
- medical or health care information concerning the individual;
- information concerning the individual that is defined as private personal information under statutes enacted to protect such information in any country, for Claims subject to the law of such jurisdiction;
- information concerning the individual that is defined as private personal information under a Breach Notice Law; or
- the individual’s:
- governmental identification number including a drivers licence or state or provincial identification number or a social security number;
- unpublished telephone number; or
- credit, debit or other financial account numbers in combination with associated security codes, access codes, passwords or pins;
If you’re collecting information that can be used to reliably identify, contact or allow access to the individual’s financial account or medical record information then you’d need to answer ‘false’.
Collecting publicly available information that is lawfully made available to the general public from government records is okay. For example, if you collect a business address which is already available to the public you can answer ‘true’.
If in doubt you can answer ‘false’ to this question, but you must then confirm that you have explicit consent from the data subject to collect this data. Everything should be inline with GDPR and data protection regulations.
Payment processing services
Payment processing is an excluded professional service, which is why the insurer asks you to confirm you don’t offer this. You can answer ‘true’ if using a third-party payment processing service like Stripe, PayPal etc.
Web development
There are three risk questions for the web development / software contractor activity.
Please confirm:
- You do not collect any payment card data
- You take reasonable steps to ensure you have good license in any content
- You do not negotiate the cost of a pay per click contract
Payment card data
Using a third-party like Stripe to collect payment card data doesn’t need to be disclosed. If that’s the case the onus us on the third-party to store that data.
However, if you’re collecting and storing payment card data on your own servers we’d want to answer ‘false’ and disclose this to the insurer. The insurer might ask some follow-up questions around how you ensure the data is secure.
Good license
Whenever using third-party content it’s important you have the correct licenses. For example, if using a framework that requires a license it’s your duty to take reasonable steps to stay on the right side of IP law.
Pay per click contract
If a question about pay per click seems odd for a web developer policy, it’s because the search engine optimisation activity is bundled with web development. If a question isn’t relevant to the work you do, you can answer ‘true’.
Digital marketing
The digital marketing activity encompasses services like advertising or marketing consultancy, providing digital content, market research and search engine optimisation. There are four risk questions.
Please confirm:
- You have a written process in place to check whether you need a license for any image, music or other third party content, and whether you have an appropriate license
- If you design TV advertising campaigns, no contract exceeds £500,000
- You get written client sign off of all content before it is printed or otherwise sent out, aired or published.
- If you are to contact your client’s consumers you have explicit permission from your client to do so and a contractual indemnity if they have supplied you with incorrect data
Written process
Most freelancers don’t have something as official as a written process to check if they need a license for third-party content. You can answer ‘false’ to this, but you must then confirm you know you can’t use third-party content without the correct license. This is important otherwise you’re opening yourself up to claims of copyright infringement.
The written process doesn’t have to be anything complicated. It can be a simple guideline around where you source images, fonts, video etc from, what types of licenses are available and what they mean.
TV advertising campaigns
This is self-explanatory, but we find this question isn’t hugely relevant for our customers. If a question isn’t relevant to the work you do, you can answer ‘true’.
Written client sign off
Confirming you get written client sign off is to ensure you’re not publishing content without client approval. Publishing without sign off means you’re vulnerable to claims of dissatisfaction or mistakes in your work being overlooked.
If you’re responsible for posting on client’s social media accounts you probably won’t be getting sign off on every piece of content. In that case you’d answer ‘false’, but to reduce the risk of claims being brought against you make sure your client has agreed to your terms around you publishing on their behalf.
Explicit permission
This question relates to those in marketing that may reach out to client’s customers on their behalf to conduct market research. It’s important to comply with GDPR, which means only contacting consumers with your client’s explicit permission.
The contractual indemnity puts the onus on your client to ensure they’re providing you with the correct data and you’re not contacting people without consent.
Illustration
Illustrators will be pleased to know there is only one risk question.
Please confirm:
- Before your work is published there is a review process by the publisher to assess whether any content is defamatory or contentious
This follows similar principles to other risk questions, which is making sure a customer is satisfied before anything is committed to in print.
Copywriting
Lastly we’ll look at the copywriting risk questions. There are three questions, most of them relating to sign off. The reason for this is to avoid copy going to print if it’s incorrect or with a typo.
Please confirm:
- Your text is signed off by your client before publishing, that it is appropriate and not contentious
- You get written client sign off of all content before it is printed or otherwise sent out, aired or published
- You have a written process in place to check whether you need a license for any image, music or other third party content, and whether you have an appropriate license
Text is signed off
Having your text signed off by your client means you’re less vulnerable to claims of dissatisfaction or publishing copy the client considers harmful. Answering ‘true’ to this shows the insurer you’re taking reasonable steps to avoid a claim.
Written client sign off
This doesn’t have to be anything too formal—an email or a comment in a project management tool that shows the client has approved your content means you can answer ‘true’. Retaining an audit trail is important because, if there are any issues around the client accusing you of publishing something they’re unhappy with, you can defuse situations by showing the content was approved.
Written process
Most freelancers don’t have something as official as a written process to check if they need a license for third-party content. You can answer ‘false’ to this, but you must confirm you know you can’t use third-party content without the correct license. This is important otherwise you’re opening yourself up to claims of copyright infringement.
The written process doesn’t have to be anything complicated. It can be a simple guideline around where you source images, fonts, video etc from, what types of licenses are available and what they mean.
