. . . But You Cannot Outrun These Exposures Whether You Are FedEx or Del Boca Vista Condo Association.

I am speaking to community association boards, managers, insurance professionals, lawyers or others. These exposures are coming faster and faster like a snowball. Although it may seem counter intuitive that a small entity like a community association is more at risk, the reality is that they are more vulnerable and the prospect of data being breached or their systems being shut down will probably have a draconian impact on operations.

I review various insurance periodicals on a daily basis and they are dominated by these issues. Just today, I saw the following:

  1. FedEx Hit with Cyber Attack- related Securities Suit;
  2. Patients Accuse Google and University of Chicago Hospital of Violating Their Privacy; Apparently, insulin pumps can be hacked;
  3. dating app agrees to pay out significant amounts after users nude photos are leaked.

These are just a few from this morning that hit my In Box. I advise insurance professionals and other community association professionals to at minimum to present these coverage, or pursue risk management programs to at least protect them when clients come back and say why didn’t you warn us.


Associations have looked at these policies as a “no harm no foul” situation. Specifically, what can it hurt just to keep ALL records forever? Can you spell: “Cyber Liability & Data Breach? 

These trending exposures that are snowballing for everyone and every industry now take on a greater significance. Practice Pointer:

  1.       find out from your association attorney your state record retention laws
  2.      does your association have a policy and is it in compliance
  3.      set up a record/document retention policy. (what records must be kept       permanently, what records have specific time lines for destruction, and what records/documents have no requirement to maintain or destroy.)
  4.      determine what “Personally Identifiable Information” are included in              these documents and whether they are critical to the association operations.
  5.       if they are critical to operations, get advise how to best maintain  them            
  6.       if they are not necessary for operations - destroy.

The LESS unnecessary data you maintain the less exposure.

What do you think?