From our perch overlooking the insurance industry in Quebec, Clyde & Co has identified five important trends that we think will play a significant role in shaping legal issues of interest to insurers in 2018.
- Insurance - Legislative changes to modernize the insurance industry in Quebec
- Professions - Tougher disciplinary sanctions in the workplace for sexual misconduct
- Product liability - Internet of things
- Data protection - Regulatory Update
- D&O - Cyber Risks
In the fall of 2017, the Quebec government introduced two long-awaited bills that will bring about extensive reforms to the insurance industry in Quebec.
The new regime would allow insurance firms to offer products and services online, without the assistance of a broker or agent. It remains to be seen whether regulations will prevent certain types of policies from being distributed online, namely life & health insurance. In any event, consumers will have a right to a 10-day cooling-off period, during which they can cancel insurance policies contracted online.
Also, the new rules would impose stricter demands on brokerage firms dealing in damage insurance. Firms will be required to offer policies from at least four insurers belonging to different financial groups. In the event they cannot, they will have to show the regulator that they made every effort to do so, failing which they will have to change their registration to that of an insurance agency. What’s more, damage insurance agencies and brokerage firms will have to disclose, on their website and in all communications with clients, the names of the insurers for whom they offer insurance products.
Last but not least, group insurance — which was officially possible only for life & health policies — will now be specifically allowed for property & casualty policies.
The proposed legislative changes, should they become law in 2018, would soon bring Quebec in line with other jurisdictions, and bring about a more competitive market among insurers, to the benefit of consumers.
Jo-Anne Demers, Partner
Laurent Durocher-Dumais, Associate
As the high-profile stories continue to pile up over allegations of sexual misconduct, we can expect an increase in sexual harassment investigations in professional settings.
It is worth noting that late in 2017, a Montreal psychologist and a doctor in Montmagny became the first professionals to be barred from practicing for five years for acts of sexual misconduct.
These rulings are the first to be handed down following the introduction of tougher penalties under Quebec’s Professional Code, which governs the exercise of a number of professions, including engineers, doctors and lawyers. The case involved a psychologist who carried on a romantic affair for six months at his office with a patient suffering from anxiety and insomnia. The patient ended the relationship, but suffered from the separation in the following months. A complaint was filed and the psychologist pleaded guilty. He argued, however, that the council should not impose the 5-year minimum suspension, since in his view the particular circumstances of his case justified a lower penalty. The disciplinary council seized of the matter found that the psychologist’s abuse of his position of trust and authority vitiated the patient’s consent to the intimate relationship.
Not all professions create the same relationship of dependence, but the five-year penalty should serve as a warning to other professionals.
Caroline Malo, Partner
Alexandra Teasdale, Associate
Connecting everyday physical objects to the Internet is changing the way we live and do business. But our legal regimes of civil liability, which were not developed with IoT in mind, have yet to be properly tested. The coming year is as good a year as any for that to happen, as intelligent devices continue to experience ever-broader adoption.
The challenge for the courts is to determine who is responsible for intelligent devices when things go wrong, as compatibility issues become more commonplace between technologies, leading to more devices in an interconnected world exposed to growing security challenges.
Until now, the courts have shown interest in IoT devices only insofar as the information they contain can be used as evidence. Last year an applicant tried to rely on his Fitbit wrist device to establish he suffered from sleep deprivation.
In the absence of new legislative provisions, the general liability paradigm will continue to apply, but the complexity of determining the real source of liability may expose new actors (manufacturers, but also software developers, maintenance engineers, etc.). For the insurance industry, there is a major challenge in effectively keeping up with emerging risks when it comes to assessing the liability risks that can stem from the use of IoT technology. On the other hand, insurers can access consumer data more readily to assess risk, manage claims and price policies.
Trevor McCann, Partner
Prachi Shah, Senior Lawyer
Canada’s federal law relating to data privacy, PIPEDA, was amended in 2015 to require that organizations keep a record of every breach, and notify affected individuals as well as Canada’s privacy regulator, where there could reasonably be a risk of “significant harm.” “Significant harm” contemplates a range of scenarios, from humiliation and reputational damage to loss of property and financial losses. Now, as these mandatory data breach notification provisions are expected to finally come into force this year, data security will continue to be a growing concern for companies of all sizes.
Canadian organizations that carry on business south of the border will also have to keep a watchful eye on breach notification laws in the U.S., where 48 states have different regimes.
They will also have to pay close attention to the European Union’s General Data Protection Regulation, which will come into effect in May. The GDPR has extra-jurisdictional reach and therefore may apply to certain Canadian companies that collect personal information on EU residents.
Nathalie David, Partner
Laure Bonnave, Associate
Although cyber-related claims on D&O insurance policies are still relatively rare, they are nonetheless increasing in importance, as class action litigation becomes a consequential risk of proliferating cyber-crime incidents. Policies tailored specifically to cyber risks are in an early stage of evolution and the wrinkles are still being ironed out. Insurance professionals are still learning the best approaches and responses, often in reaction to a major event, and insurers have not had enough time to adequately model and set appropriate premiums given the fast-changing and multi-jurisdictional threat of cyber-attacks.
Insurers currently face the significant challenge of modelling risk in an actively developing area where the applicable laws are generally no more than ten years old. The threat posed by cyber-breaches has been changing faster than the security measures used to counter it can keep up. Applicable D&O policies, therefore, can quickly become outdated and the policy language has to be changed to cover new risks. Risk can be more reliably managed in contexts of either small/frequent or large/rare claims. Cyber D&O coverage, however, poses the significant underwriting challenge of limiting risk with respect to claims which are potentially both frequent and large, in the face of a legal and technological environment in active flux.
The scope of D&O cyber-liability litigation is also poised to change as the current experience, which has been generally limited to consumer class actions and security holder derivative actions, could be further complicated by issues of intellectual property loss and devalued company assets given the increasing severity of data breach consequences. D&O might well be caught unprepared for these intellectual property issues, since patent infringement is often excluded by cyber insurance, as it can be covered by IP insurance, and defence costs are also generally limited to claims arising from acts committed by non-management personnel.