Post-Pandemic Risks, Legal Liability, and Insurance Protection
Post-Pandemic Risk Management Checklist for Churches and Charities click here
“Change is the only constant in life”, an observation as true today as when the Greek philosopher Heraclitus uttered it 2,500 years ago. If the pandemic has taught us anything, it is that we can and must adapt to change, pivot, and reimagine our lives at home, at work and in our faith journey.
For the first time in living memory, churches were forced to close their doors for the safety of congregants during the COVID-19 pandemic. Many used online technology to keep their congregations connected in worship. Some were forced to use online giving for the first time to remain solvent. Others shut their doors for good because they did not have the financial resources to continue. As provinces have gradually relaxed restrictions on workplaces and gathering sizes, church and charity leaders will need to continue to make important decisions in prayerfully considering and using wisdom in keeping attendees, employees and program participants safe.
“I am about to do a new thing; now it springs forth, do you not perceive it? I will make a way in the wilderness and rivers in the desert.” – Isaiah 43:19 (NRSV)
The Good News
Safe and effective vaccines have been rapidly developed, approved by Health Canada on an emergency-use basis and embraced by a large majority of the Canadian population, allowing most provinces to reopen to a significant degree over these past summer months. Just as importantly, churches and faith charities have continued to be passionately committed and creative in meeting the material, emotional, and spiritual needs of members and their communities.
Many organizations have also been sensitive to understanding that individuals will be ready to return to in-person worship services and activities at different times, knowing everyone’s comfort levels may be at different places. Creating safe environments for individuals and families will also necessitate continuing to check with local public health agencies regarding community COVID-19 infection rates and localized outbreaks, upholding best practices for safe gatherings, and striving to provide a combination of in-person and online engagement and connection, as we all hope and pray to return to a new – and an even better – normal.
As you reopen, following are some risk, legal liability, and insurance items for your leaders to consider.
Legislative Liability Protection
More good news is that some provinces have passed bills over the past year to provide liability protection against lawsuits arising from exposure to and contraction of the COVID-19 virus. In Ontario, within Bill 218 – Supporting Ontario’s Recovery Act, section 2 (1) protects individuals, organizations, and corporations from lawsuits as a direct or indirect result of an individual infected with, or exposed to, coronavirus (COVID-19) on or after March 17, 2020.
This vital protection afforded to for-profit businesses and non-profit organizations alike is, however, conditional on the following:
(a) Acting in good faith in accordance with public health guidance and government orders (federal, provincial, or municipal) relating to COVID-19; and
(b) Not acting in a way that constitutes gross negligence. Some of the commonly referenced Canadian judicial definitions of “gross negligence” include “a marked departure from any reasonable standard of care”, “intentional negligent acts”, and “conduct so arbitrary that they reflect a complete disregard for the consequences to others”.
These protections also do not apply to acts or omissions if they:
(c) Occurred while a law or order required operations to close, in whole or in part; and
(d) Relate to an aspect of operations that was required to close under the law.
For board members and other leaders of charitable organizations, this legislative protection also applies to persons acting in good faith who may be held vicariously liable for the acts and omissions of another person.
Similar bills and government orders have been passed or are being considered by legislatures in British Columbia, Nova Scotia, and New Brunswick.
Since the emergence of the pandemic in early 2020, the insurance industry has also had to address with the issues and implications created by the novel coronavirus, including coverage for loss, damage, and liability arising out of COVID-19. Endorsements have been issued to property and business interruption policy renewals to make clearer the existing standard policy exclusions for claims caused by anything other than direct insurable physical loss or damage to insured property, by introducing specific communicable disease transmission exclusionary language.
To date, the industry has largely refrained from adding COVID-19 exclusions to commercial liability insurance policies. This is essential and welcome relief for the charitable and non-profit sector. It means insurance companies will defend and protect insured corporations, associations, societies, and directors, against insurable lawsuits alleging negligence for actual or alleged transmission.
The caveat as with legislative relief is that liability insurance policies have always contained exclusions for civil liability suits arising out of criminal and/or intentional acts by the policyholder. If a board or leaders are sued arising out of knowingly breaking the law or intentionally causing bodily injury, sickness, or death to a third party, the claim may be denied.
The bottom line is that if the leaders of a church or charity are acting in good faith in accordance with government orders and public health guidance related to COVID-19, they will continue to have significant protection in some provinces from lawsuits related to actual or alleged COVID transmission on their premises and as a result of their operations, programs, ministries and events, both legally and insurance-wise.
The increasing trend of cyber incidents affecting non-profit organizations only accelerated during the pandemic, when organizations relied even more heavily on their IT infrastructure and remote lines of communication among management and employees.
While “denial of service” and “ransomware” attacks disrupting online operations have occurred in the charitable and non-profit sector, our experience as an insurance provider to over 7,500 churches and Christian charitable organizations across Canada indicates that the two largest cyber risks for charities, large and small, are currently privacy breach incidents, and social engineering claims.
A privacy breach is an incident involving the unauthorized or unlawful disclosure of identifiable personal information (most often sensitive financial, health, employment and screening data for clients, members, donors, volunteers, employees, etc.) that can result in economic or reputational harm to those individuals. It can also incur significant expenses on the part of the organization or corporation which held the information to comply with the mandatory privacy law notification requirements to affected individuals, along with the potential for civil legal liability damages.
Social engineering is when bad actors either hack a legitimate email address or create one to pose as a legitimate email sender, with the goal of inducing employees or volunteers into disclosing sensitive information, or directing them to transfer funds to a bogus third party sometimes posing as a qualified donee or authorized agent purportedly carrying out the Canadian charity’s operations, including outside the country.
Neither type of incident, nor any cyber risk, is coverable under a standard property, business interruption, or crime insurance policy. Most standard policies contain absolute exclusions for cyber claims and for the voluntary parting of property including money. A few policies include a nominal “frill” coverage amount for cyber incidents, subject to exclusions and limitations.
Church and Charity Protection Plus, including the CCCC Group General Insurance Plan offers a more generous standard coverage amount specifically for Privacy Breach Liability claims. However, it is generally necessary to obtain a separate stand-alone Cyber Insurance policy through a specialty insurance company or Lloyd’s syndicate to cover most insurable cyber risks, or to provide higher amounts of protection.
Please contact Robertson Hall Insurance for more information regarding coverage options, and for a detailed Post-Pandemic Risk Management Checklist for Churches and Charities click here
Disclaimer: The content in this article is for general information purposes only, for Canadian churches and charities. Check with your own insurance agent or broker for specific information regarding your insurance policy and the optional coverages available. Check with your corporate lawyer or the province(s) in which you operate for the full provisions of any applicable legislative relief for COVID-19 transmission.
Kenneth A. Hall, President
Kenneth A. Hall, B.A. (Hons), R.F. is the President of Robertson Hall Insurance Inc. Ken specializes in customized insurance and risk management advise for over 7,000 churches and charities across Canada with the Church and Charity Protection Plus program. To find out more about Ken and the team click here. To find out more about Church and Charity Protection Plus click here.