Sponsorship note: This article was produced in partnership with Tokio Marine HCC - Cyber and Professional Lines Group.
Client expertise blurb: Desmond Devoy, of Insurance Business America, looks at the surge in cyber privacy lawsuits with Tokio Marine HCC – Cyber and Professional Lines Group.
In this climate, cyber insurers give guidance to clients when it comes to the collection of personal information to websites visitors.
Of particular concern is online pixel tracking, which is resulting in an increase in lawsuits.
There have been a wave of class action lawsuits brought against companies like healthcare providers, restaurant chains, and retailers, due to an alleged unauthorized collection of personal identifiable information (PII) and protected health information (PHI) with tracking pixels.
Pixels are an analytics tool that help you measure how effective your ad is doing online. Simply put, it’s code that allows someone to collect and track user actions and behaviors on a website. They measure and improve the effectiveness of online advertising and user interactions. The pixels can be added either manually by a developer or through a partner integration.
But why is pixel tracking a problem?
Federal and state law, as well as HIPAA (Health Insurance Portability and Accountability Act of 1996) requires patient consent and business agreements to share PHI between companies. Businesses may not even be aware that the data that these trackers are collecting may require consent.
Companies like Facebook, Amazon and Google all use pixels to track customers online.
Here’s a good example of how electronic eyes are watching your moves online – even if you don’t make a purchase.
Have you ever wondered why the same pair of shoes you looked up on Amazon are now appearing on
Facebook, Instagram, YouTube, and even in your personal email? This is an example of some of the technology behind the curtain.
These pixels are a necessary ingredient to our online existence since our online world is all about advertising. These advertisers track and learn user behavior while they are moving between websites and utilize retarget ads to help increase conversion rates, making tracking pixels necessary.
Embedded tracking pixels let it be known which websites you visit, especially which product pages, buttons you clicked, what form field words you use, geolocation information, and even devices used (iPad, laptop, tablet, etc.)
The collected information gets sent back to companies like Facebook, Google and Amazon, who then use that data to retarget a company’s advertisements.
All an average shoe company wants to do online is sell you a shoe, or, better yet, many shoes.
So why is pixel tracking a problem?
Recent lawsuits have accused companies of collecting HIPAA-protected information through healthcare provider patient portals, which may have included appointment details, health conditions, treating physicians, test results, allergies, and other sensitive information, all of which is claimed to have been potentially sent to Facebook.
Where the rubber is hitting the road for insurance companies are the settlements. According to Bloomberg Law, Mass General Brigham health system in Boston agreed to pay $18 million in 2022 to settle a class action lawsuit over the use of web analytics tools that collect data about visitors who use their website. Mass General has denied the suit’s allegations, according to Bloomberg, but it does use tracking tools from companies like Facebook and Google.
In addition to the exposure organizations may face from class action lawsuits, there are breach notification and regulatory fines and penalties coverage that can also be triggered in such a scenario.
So how widespread are pixels? According to research from Tokio Marine HCC - Cyber and Professional Lines Group, a member of the Tokio Marine HCC group of companies based in Houston, Texas, pixels are embedded in 30% of the top 80,000 most popular websites. They are also embedded in 33 of the top 100 hospital websites in America.
The company advises clients to build an action plan to address this rising concern, in particular:
In this process, where applicable, seek the necessary legal counsel to ensure compliance, because navigating this evolving cyber landscape is tricky. It’s important for clients to know how their cyber insurance provides protection. Reaching out to your cyber and tech underwriting team to learn more about solutions to this exposure is a good move that can save headaches down the road.