Help customers avoid the pitfalls of online tracking

This article was produced in association with Tokio Marine HCC – Cyber ​​and Professional Lines Group.

Desmond Devoy of Insurance Business America sat down with EK Keller, Underwriting Manager at Tokio Marine HCC – Cyber ​​& Professional Lines Group, to discuss the rise in cyber privacy lawsuits.

In this climate, cyber insurers provide guidance to customers when it comes to the collection of personal information for website visitors.

Of particular concern is online pixel tracking, which is resulting in increased lawsuits.

“We’ve seen a wave of class action lawsuits filed against healthcare providers and other businesses over alleged unauthorized collection of personally identifiable information (PII) and protected health information (PHI) with tracking pixels,” EK Keller, manager Underwriting, Cyber ​​& Tech E&O for Tokio Marine HCC – Cyber ​​& Professional Lines Group (CPLG), a member of the Houston, Texas-based Tokio Marine HCC group of companies, said.

The dangers of pixels

But why is pixel tracking a problem?

“Federal law, state law and HIPAA require patient consent and business agreements to share PHI between companies,” he said. “Companies may not even be aware that the data these trackers collect may require consent.”

Companies like Facebook, Amazon, and Google use pixels to track customers online.

“(Pixels are) an analytics tool that helps you measure the effectiveness of your advertising companies by monitoring people’s actions on your website. Simply put, it is code that allows you to collect and track user actions and behaviors on a website,” he said. “They measure and improve the effectiveness of online advertising and user interactions with that website.” Pixels can be added manually by a developer or through partner integration.

Keller has noticed pixels in action online.

“Have you ever wondered why the same pair of shoes you searched for on Amazon is now showing up on Facebook, Instagram, YouTube, and even your personal email?” she asked. “This is an example of some of the technology behind the curtain.”

These pixels are a necessary ingredient for our online existence.

“Our online world is all about advertising,” Keller said. “These advertisers track and learn user behavior as they move between websites and use retargeting ads to help increase conversion rates, making tracking pixels necessary.”

Built-in tracking pixels let you know which websites you visit, especially which product pages, buttons you clicked, which form field words you use, geolocation information, and even devices used (iPad, laptop, tablet, etc.). .)

“The information collected is sent back to companies like Facebook, Google, etc.,” said Keller, who then uses that data to retarget a company’s ads.

All your average shoe company wants to do online is sell you one shoe, or better yet, many shoes.

But why is pixel tracking a problem?

Rising demands

Recent lawsuits have accused companies of collecting HIPAA-protected information through healthcare provider patient portals, which may have included appointment details, health conditions, treating physicians, test results, allergies, and other sensitive information. , “all of which are claimed to have been potentially sent to Facebook,” he said.

Where the rubber is hitting the road for insurance companies is the settlements. According to Bloomberg Law, the Mass General Brigham Health System in Boston has agreed to pay $18 million in 2022 to settle a class action lawsuit over its use of web analytics tools that collect data about visitors using its website. Mass General has denied the allegations in the lawsuit, according to Bloomberg, but uses tracking tools from companies like Facebook and Google.

“In addition to the exposure that organizations may face from class action lawsuits, there is notice of breach and Coverage of regulatory fines and penalties that can also be activated,” Keller said.

So how widespread are the pixels? According to Keller’s research, pixels are embedded in 30% of the 80,000 most popular websites. They are also embedded on 33 of the top 100 US hospital websites.

“Our perspective is that it is best for your clients to develop their action plan to address this growing concern,” Keller said. “And we encourage them to do some things.”

In particular, Keller advises:

1. Identify all websites and portals that contain tracking pixels (a tag that tracks user behavior);
2. Confirm if the client is collecting sensitive personal information; and
3. Confirm that the data being collected complies with applicable data privacy laws and includes consent and appropriate disclosures.

In this process, where appropriate, Keller urges you to “seek the necessary legal advice to ensure compliance, because navigating this evolving cyber landscape is complicated. It is important for customers to know how their cyber insurance provides protection. We encourage you to contact your cyber and technology underwriting team to learn more about the solutions a cyber policy can offer for this exposure.”

Biography: EK Keller is based in Atlanta, GA. He is the underwriting manager for Tokio Marine HCC-Cyber ​​& Professional Lines Group, which is part of the Houston, Texas-based Tokio Marine HCC group of companies and manages its technology and cyber omissions and errors team for the Southeast. He provides underwriting and customer support, offering a variety of insurance solutions that incorporate extensive first-party and third-party coverage for exposures to cyber, multimedia, and technological errors and omissions. He has been in the industry since 2007 and has been with the company since 2021.