The pain of GDPR compliance and the long term effects

Posted 7 September, 2018


GDPR has no exemptions that organisations I work with can rely on; perhaps for the first time with data, we are all in it together.

The challenges facing organisations trying to comply are magnified by the amount of “fake news” surrounding it. I haven’t been surprised by the feeding frenzy from those trying to cash in yet I am somewhat alarmed by the number of “experts” on this untried legislation. I understood that it took 10,000 hours to become an expert in something and I’m wondering how the experts managed that. C’est la vie.

What truly concerns me is that this is a massive cultural change and I fear that the policies being written and disseminated are not going to empower the people that need to deal with data on a daily basis. During my 29 years in the field of risk, insurance and business continuity I have seen many issues that could have been avoided by educating people. Yet it seems that policies are written to ensure employment or contracts can be terminated rather than actually encouraging people to comply. I realise that this is partly due to legal precedent yet motivating people by fear is far weaker than motivating them by other means.

Having listened to many people and taking in copious amounts of information, I think that the feeding frenzy has prevented people from understanding the “mission” of the data regulators. They want organisations to be careful with data and respect the wishes and privacy of people like you and me. It is not a lot to ask yet achieving that aim is undoubtedly awkward. It is a lot less awkward if the culture of an organisation recognises this.

I have this awful nagging doubt that people will not be motivated to do the right data thing if they are told off or disciplined when they make mistakes. I’ve seen many policies that tell people what to do yet they are rarely allied with the cultural piece. Even rarer is the right level of education and reinforcement that motivates.

The deadline will come and go yet the mission of the regulator is not going to be achieved if the culture of blame continues to be the most pervasive in organisations. One issue that no-one seems to have thought about is the way salespeople treat data. Arguments over who owns it are regular, especially with the advance of online networks. Roughly 50% of people take data with them when they leave one organisation for another. There are at least two companies in breach when this happens and the individual has broken the law. It is theft after all.

The existing regulations state that this shouldn’t happen yet half of the population think it’s OK to take it when they really know that they shouldn’t. It could be argued that the policies that discipline people have worked because they have stopped the other half from doing this. Yet half is not enough. It should be a single digit number, at the very worst.

So policies and procedures are not working now. New ones will not change that if they don’t address the cultural side of human behaviour.

What can be done?

A new type of policy is required. Naturally, it should start at the top of an organisation. It should motivate people to change the way they think about data. It should be readable, not shrouded in jargon. It should reward people for doing the right thing. It should be something that everyone is reminded about. But not “beaten up” over.


Jason Cobine is an Insurance broker in London who works with businesses and charities. He has built a business from scratch, without pilfering data so he knows how hard it is. Yet it was a cultural decision that has been proved to be correct.



Flatterers deceive UK start-ups

Posted 19 April, 2014

A spectacularly large US company flattered a UK start-up with a huge contract which was eventually signed and secured. This would give them the capital they need to multiply their success. The contract wasn’t exclusive and the start-up’s web application was valuable to many similar companies. A fantastic “result” and only two types of insurance were required by the US company.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

Contractual responsibility


The contract issued by the American client had 2 pages making direct reference to the type of due diligence, risk management and business insurance required of the start-up. The rest of the contract revealed 26 further liabilities and requirements that were, or would become, necessary.

Not all were manageable for a small company with limited cash flow. The really fine points of the contract referenced this exact point and made it clear they would take full and furious legal action if something went wrong. Ouch, a soft landing is required so we received an introduction.

Part of the liability related to the website, which was provided as a service, and had to be operational 99.9% of the time. The US company staff would be trained to use it and then supported 24/7. It had to work and the contract made it clear that they would want compensation for any downtime over 0.01% in any one year. Keep in mind that one way to compensate is to not charge fees that are due.

Penetration testing must be the answer


It helps work out weaknesses today yet doesn’t account for advances made by hackers tomorrow. IT Systems security methods of suppliers aren’t always reliable and data theft was the main concern of the US client. They made the UK startup contractually liable for the costs of notification to the relevant authorities and those whose personal data is compromised.

This is a really tough figure to try and quantify because few own up when they have a data breach so the statistics cannot be compiled. Contrast that with fires where it is easier to quantify losses.

That won’t change just because it becomes a must to do (new regulations are due to land in the EU in 2015). So if some Herbert got at the data, the US company would have to spend to meet US regulations and the UK start-up could be ruined by the losses. Identity theft costs vary from person to person so it really is a difficult number to calculate.

Legal liabilities change across borders or state lines


The chances of a breach are minuscule, the costs ridiculous. The damage to brand immeasurable. Get a lawyer to get legal on your contracts and they’ll close the gaps. Some clauses don’t hold water in the UK yet US companies issue proceedings where they want. The contract formed a vicious circle when the statement of work and suppliers agreement were reviewed together. No stone had been left unturned and the US company had a fair minded legal team. That is not always the case.

However, there was a liability of millions and the supplier of the application’s infrastructure was only going to cough up £182k if they failed to maintain their supply. Worse still, the infrastructure wasn’t easy to transfer to a new supplier and a 30 day window tied the start-up down. No fix in 30 days and the US contract terminated automatically. And further contracts would not have been issued by them or anyone else.

We deal with cyber risk on a weekly basis. It rarely touches the smaller business, yet their suppliers are at risk. Cloud sounds great yet it is not as solid as your own database with your own security. The solutions are a contractual nightmare.

Wrap up: It is not unheard of for a large company to issue a contract to a start-up, allege an error and drown them in legal proceedings. This is because they can then strike a deal which leaves the start-up Directors free of debt if they give up their Intellectual Property. Only in America? No! UK companies do this too. Does Directors protection work in these cases? No! See why here:

Top tip: One digital games company signed an NDA and found the other signatory copied their ideas and started selling their titles. It cost £300,000 to force them to stop and compensate the original designer. There is no point getting someone to sign an NDA unless you have the means to enforce it!


Will Intellectual Property lead the UK out of recession?

Posted 12 July, 2013

This article is about the true value of intellectual property, the risks and advantages when leveraging it, and the solutions available.


Intellectual property is Marvellous


Every week I meet someone who has had a great idea.  Not all of them will make as much money as Coca Cola, yet some of them are simply amazing. Naturally, these conversations are private and confidential, and I am often asked to sign Non-Disclosure Agreements (NDAs), before I am party to the secret. I don’t mind doing this because it helps build trust with entrepreneurs and inventors.

I think it is vital to protect intellectual property in any country, and UK Plc. seems to have nurtured more good ideas than most. The gentleman who designs Apple products is British, although he is an employee of Apple, so he is handsomely rewarded for giving them the rights, and it makes sense to leverage an idea by partnering with someone who has the means to make the most of it.

The UK authorities are aware of just how much tax revenue they make when ideas created in the UK are well protected in the UK, so they have invested in grants making it worthwhile to protect intellectual property, because they make money when we make money.

Intellectual property risks examples


One inventor has designed a new water bottle for athletes. Another has invented one with a filter that means that it can be filled from a puddle, yet still be drinkable. When they initially approached me they had similar concerns: someone might copy it and they wanted to enforce their patent, design and trademark rights. Perhaps another manufacturer would try to flood the market with cheap copies that would damage the brand if people were injured whilst using an inferior bottle.

Social Media searches helped another inventor determine people who were jealous of the invention and were using very similar names to promote their product. In each case they can enforce their rights because they arrange protection to close down the miscreants or, at least, stop the fake or suspiciously named goods reaching consumers.

Sometimes this is achievable by a warning shot across the bows, commonly known as a cease and desist letter; this doesn’t always work. Authorities will act upon injunctions and stop goods leaving a factory, impound them at a distributor’s warehouse or prevent them being loaded onto a ship if the Intellectual Property owner has the means to enforce their rights. Sometimes this is avoided by the miscreants and the legal costs of enforcement mount up.

Some inventors have told me that they believe people will think twice when they have signed a Non-Disclosure Agreement, and that is certainly true for the vast majority of people. Large companies and corporations have taken advantage of the little guys and will stop at nothing to make a buck. Just a little research unearths companies who brought their manufacturing process back to the UK from abroad to find that aggressive companies in England started copying their top four selling items and promoting them on the internet.

Whoever let the copycat have the designs probably signed an NDA. It will take time to find out who the culprit was or if the data was stolen by hacking; employees or “external forces” have been known to do this. Without legal costs protection in place, even though they had protected their unique features and registered their designs, it costs a considerable amount of money, time and effort to stop this happening.

The same applied to an Irish game designer, doing business in the UK, who was courted by a US publisher with a hawkish side. It cost $380,000 to get the game they “copied” removed from the shelves and they eventually gained a licence agreement for a share of the sales of his original ideas.

Intellectual property advantages


It is understandable that some companies do not want to register a patent because they know that there are really aggressive companies, especially in the US, who have a habit of copying ideas as soon as they are registered. I don’t mean registered as a patent, I mean patent applied for. How they find out about such things is fraudulent, of course, and I share tweets noting those that get caught or the sectors that are at the biggest risk. Savvy intellectual property advisors often recommend that registering be left until the last minute, yet this also carries the risk that someone else may have come up with the idea on the completely opposite side of the world, and register it first, obtaining Worldwide rights, if they have the ability to do so.

When discussing these issues I let people know that there are ways of protecting such inventions without them being fully registered.  Get a registration in first, and inventors or designers can enforce their rights before they are registered. This makes patent attorneys and intellectual property lawyers very happy because it gives them a significant tool in their armoury and also enables them to generate fees when the protection process takes too long.

Large companies do not wait for small companies to enter the market before they attack them. A client is in the UK and bought a US Company and made it their branded subsidiary. The players who had the largest share of that particular US market instantly issued “malicious” proceedings against the UK Company before they had even started promoting their products.


Wrap Up: Intellectual Property is a real bargaining chip, if it is adequately protected. Aggressors often try to tie new entrants up in legal process – which is a huge cost – especially in the US, to prevent them from spending their money on marketing and eroding the established leaders’ market share.

Top Tip: Having a non-disclosure agreement is great, yet you will need to enforce it if someone breaches confidentiality or trade secrets. This is simple yet not easy. Registering patents, marks, brands, domain names, or other unique features of a product or service, and the way it is marketed, can all form part of Intellectual Property protection.





Your Data is a Commodity – Your Privacy is not

Posted 28 June, 2013

This article is about car insurance, not that I can help with your car. It’s to do with the commoditisation of car insurance because of the thirst for our data, why insurance companies are slowly waking up to its pitfalls and 2 things you can do about it whilst they slumber.


Car Insurance Crackdown


You may have noticed that there has been a significant increase in the number of arrests of people involved in staging fake car accidents over the last 6 months. Behind the scenes, this is because the government said it would crack down on whiplash claims. Most people thought this meant individuals making out they were hurt following minor shunts would find it more difficult to get compensation. In fact, the government have also put pressure on insurance companies to do something about the cartels who were taking money out of your pocket.

Organised criminals have had an easy ride with this money making venture over the past few years, because insurance companies turned a blind eye to these fictitious claims and simply recovered most of their costs from the car insurance buying public.


Cheaper premiums come at a price


Insurance companies don’t make much profit selling car insurance, some make no profit at all. They do make money from different types of referral fees. Some referral fees are from solicitors who pay for leads for personal injury claims. Others are from car hire companies who charge more to hire a car to someone whose vehicle is damaged in an accident than they would if you or I were to hire. The third, usually secret referral fees, are paid to those that sell or aggregate car insurance policy data. Yes, your date of birth, address, your other personal, protected information.

I have used the aggregators myself, because it is a great way to find an appropriate provider. However, it never ceases to amaze me, the level of information people are prepared to disclose, to shave £10 off their annual car insurance premium. Very few people realise that the direct marketing they receive is highly targeted, and would probably reduce if they spent less time giving their personal information to the internet. All they need do is uncheck the boxes about marketing material. Insurers would then have to work harder at reducing fake claims to make money.

Round about gangs rounded up


It will take the authorities a while to round up the highly organised car crash syndicates that have been milking insurance companies for years. I mention roundabouts, because that is a favourite for these gangs. Insurance companies took their eye off the ball. When they analysed trends in their data, they realised that ridiculous amounts of accidents had happened at the same junctions. When they looked into it deeper, with the help of the authorities and CCTV, they were astonished to find that there had been zero accidents at some of the said roundabouts or junctions.

“Follow the money” is the usual mantra, because individuals receiving the settlements are obviously tied into the scam in some shape or form. However, with organised crime being behind these scams, those receiving the payments do not exist or are the victims of Identity Theft – their IDs have also been fraudulently claiming benefit, living in a flat with heaven knows how many people, the story goes on.

When insurance companies are not losing money they may fail to analyse trends. This is not the first time that this scenario has played itself out. In the 1990s car thefts were a huge problem, leading to some “hot hatches” becoming virtually uninsurable, because they were so easy to break into. The car industry had no motivation to improve its security because they charged their clients to repair vehicles and install the new stereos. The insurance companies charged those suffering thefts increased premiums, and car insurance premiums across the UK rocketed.  It was only when the public made a racket that the government stepped in and ordered the car, and insurance, industries to do something about it. We now have largely plastic stereos embedded in cars with fantastic security features. The newest technology allows you to pay according to how safely you drive. Now that is progress.

Wrap Up: Some gangs are found with 1,000s of fake IDs and have cross-referenced them to create accidents and benefit claims. Insurers can pool their resources and cut this out and we can help ourselves by ticking the right boxes.

Top Tip: It will take some years for the dodgy claims to subside and premiums to reduce. Meanwhile the only sure way to reduce car insurance premiums is to increase the excess, here’s a link to a nifty tool that allows you to do just that. We cannot help with car insurance, because resolving claims is such a nightmare. So we decided to take advantage of this tool and provide you all with a solution. We do not ask for your inside leg measurement before offering you a quotation.


Tailor-made insurance

Posted 18 May, 2013

This article highlights why it makes sense to review the risks a business faces, check that insurance policies are fit for purpose and what can happen if this is not undertaken regularly.



I have this cover – what is it for?


After successfully covering something that the incumbent broker couldn’t, without too much trouble, I was invited to visit their premises, take a look around, and undertake a review. A reasonable way to reduce the time it takes to undertake a business risk assessment is to look at current insurance documentation.

Having collected the information, there was one piece missing, and I received an email to say it would be forwarded on to me as soon as it was received from the broker. At the same time the gentleman said it includes “x cover, and I don’t know what that is”. This is not unusual in my industry. A lot of people build relationships with their brokers and then buy what they recommend. Yet it appeared that the broker had recommended this particular cover, but had failed to remind the client what, or how, it actually protected them.

Does a review mean rates will increase?


When the document arrived it was pretty standard. After discussing various cover with underwriters, we got some options. The next step on such a large insurance programme (we are talking about a company who export £1.7million of high quality product to America), is to sit down again and discuss the terms and conditions of the options available to us. The rates we had obtained were 25% less than they were used to so it made sense for the Finance Director to invite us back to discuss in detail.

During this meeting I asked about previous incidents. It had previously been declared that there hadn’t been any in 5 years, apart from a mobile phone being lost. Whilst I collected information about staff, including health and safety arrangements, the Director sighed “staff, our biggest expense and liability.” I enquired how they proved to be a liability if no claims had been made and he said “we don’t have to tell them about things that aren’t insured, do we?” I ventured that they may not have to, yet insurance companies were not that kind. Insurance company requirements often mean that every issue has to be disclosed, no matter how trivial or whether it related to the cover they were providing or not. So the client regaled me with the tale of the dissatisfied employee who had threatened starting a tribunal alleging stress they were suffering was related to their work, and they had settled for £15,000 on the recommendation of their Human Resources consultant.

What do you mean we are covered?


I asked the client if they had discussed the stress related claim with their broker. “No” he replied, “we are not covered for this.” I felt it would be cruel to tell him that one of the policies he had in place would have provided him with advice on how to reduce the cost and time spent on such issues. Another may have provided cover for a legal defence and paying compensation if it were awarded. If only it had been explained to the client before the incident happened. This is because some policies only pay out if an issue is reported to an insurer as soon as it crops up.

As I said before, this is not unusual in my industry. Whenever someone tells me that they have insurance, but are unsure of what it covers, I realise that their broker has been order-taking, rather than providing an assessment of risk or any advice. What really sticks in my craw is that the previous broker had sold them a policy which wasn’t much use to them, yet by taking one of the optional extensions they would not have had to pay this £15,000 themselves. So, with their current broker they invested over £100,000 and still had to fund a £15,000 claim from their own pocket.

At the last minute, the incumbent broker did try and persuade the FD that he should stay with them, and even resorted to the underhand tactic of trying to approach the insurance company I had recommended so that they could copy the work I had undertaken, and pull the rug from under us. Luckily they were not successful because we have strong relationships with underwriters and they give us exclusive terms and conditions that order-taking brokers cannot access.

The most alarming thing about this rather typical scenario is that the broker could have prevented his client from obtaining the cover he actually desired by trying this underhand tactic. The broker would have known this was the case, but was far more concerned with keeping the business than helping the client protect his.

Wrap Up: At the beginning of the process I had explained that his incumbent broker would probably try underhand tactics and it was best he didn’t tell them that we were involved in a review because it may prejudice his position if he did. He agreed that that was the case, yet when put under pressure by the incumbent, who begged for one more chance, he nearly shot himself in the foot. It happens, regrettably, all too often – yet not to us.

Top Tip: When seeking an assessment of risk, it’s important to request assistance from someone who has a reputation for looking after their clients rather than being an excellent salesperson. The hard sell is all too evident in this industry and masks the underhand tactics that too many brokers participate in, to protect their not so hard earned income.


Smashing lady is actually a criminal

Posted 4 May, 2013

Geoff calls me to ask if I can help him with protection for a large amount of jewellery he has just bought his wife and we always help our business insurance customers when they need help with their personal asset protection. While working out the particulars Geoff asks me if I have time to hear a short, but interesting story. Geoff is an entertaining guy, and I’m always happy to hear what’s been going on in his world.  He starts regaling me with a tale from a friend of his, who had been at home when he heard a loud bang, and his wife started shouting for him. He sped downstairs and was confronted with the sight of his front garden wall – newly decorated with a BMW.


Who Done It?


A lady who looked physically shaken was standing in his front garden, saying “a guy crashed his car into mine, knocked me into your wall and then disappeared.” Over a cup of tea she explained how she had been driving down the road, when she had been shunted from behind, left the road, hit the curb, and landed on top of his wall, rather than driving through it. There was no real evidence of damage to her vehicle, so it looked plausible.

The police were called and statements were taken. The lady drove off, regrettably she didn’t know the identity of the perpetrator who had crashed into her.  She didn’t know the make of the car or the registration number, because it had happened so quickly.

She did it!


Some time later a neighbour stopped by to ask what was happening with the demolished wall and was told the tale of the lady being shunted into the curb and over the wall. At this point his neighbour informed him that his CCTV told a completely different story.

As Geoff’s friend watched the CCTV footage, he couldn’t believe his eyes. The lady’s BMW was spotted travelling down the opposite side of the road to the one she’d said, and suddenly left the road as her head disappeared from view behind the windscreen. Her car then clipped the curb and demolished his wall.

Fraud, lies and videotape


He could not believe what a performance this lady had put on, for himself, his wife, and also for the police. He was incandescent by the time he had reached the end of the video footage, asked for a copy, stormed down to the police station, and demanded that the lady be arrested for fraud. Regrettably nobody had kept her details. Fortunately the CCTV recording had the registration plate number. The police are unlikely to investigate the lady for fraud, as they feel the insurance company would deal with the claim. Yet it is an offence to damage property whilst driving and not report it to the Police – check the Highway Code.

Is this gentleman incandescent enough to launch a private prosecution – probably not! Has he learned his lesson that what is often perceived may not be the case – yet this is what typically happens when anything goes wrong. I told my friends about this scenario and we all agreed it’s rare for people to take responsibility when things go wrong, sometimes because of the financial penalty. Most people don’t plumb the depths this lady did yet they do think their insurance premium will go up if they make a claim – which is untrue because not all insurances have a “no claim bonus”.

Wrap up: A lot of businesses’ relationships with their suppliers go sour when it’s found they don’t provide the service they said they would and use their T&C’s to avoid paying a penalty. Let’s face it, some suppliers’ best performance is in the tender process.

Top tip: Follow me on Twitter to be the first to hear real evidence of the Police crackdown on whiplash claims. It will happen because the Government has realised that it’s caught up in insurance company unwillingness to drive change. This happened in the 1990s when the Police were swamped with claims for car stereos. The Government forced car manufacturers to improve security.

Share this: With anyone who complains about their insurance premium increasing. If it’s car insurance they’re complaining about, we don’t do it because it’s such a mess thanks to direct insurers and their unwillingness to detect fraud. Yet we do have this nifty tool that helps everyone reduce their premium.
