Ho-hum, another politician has allegedly been caught with hispants down. Business as usual, right? Maybe, but the lingeringRep. Anthony Weiner(D-NY) scandal—an anonymous crotchshot (hereit is, if you must) was sent from his Twitter account to a 21-year-old Seattle femalejournalism student—has much bigger (ouch)implications for individuals, businesses and insurance.

Consider other recent high-profile events that have unfoldedaround cyberliability, including two huge Sony Playstation network security breaches (which could end upcosting the company $171.7 million), and this week's announcementthat China cyberattackers had hacked Google's gmail system.

And cyberhacks like that perpetrated on Weiner (although thejury's still out on who's to blame) can create a string ofliability snaking into more than just one guy's pants. Forpotential litigants (the photo's recipient, Twitter and Weinerhimself), deep pockets are getting deeper -- and cyberliability andEPLI alone aren't equipped to handle the gray areas.

From a risk management standpoint, social media exposures can cut across several different policies, depending on whether theexposure issue is defamation, libel or slander, media liability orcyberliability, said Tom Srail, senior vice president of Willis Executive Risks.

For example, some cyberliability coverage policies includeInternet media coverage, but may only cover content on theinsured’s website. Additional coverages can be easily added tocyberliability policies, but because there is no standardizedcyberrisk policy, the coverage will need tweaks and endorsements,Srail says.

The ambiguity of privacy rights in social media, as exemplifiedby the Weiner flap, has "far-reaching implications" for thecorporate world, says Jennifer G. Smith, vicepresident of global technology and private practice at Lockton Companies, LLC.

Part of the issue is the divergent views taken by the U.S. andthe rest of the world on basic privacy rights, Smith says. "The EUtakes a different view of who's responsible for the accuracy ofonline or website content. In the UK especially, an individual'sright to privacy is a fundamental right, which is not the case inthe U.S. We protect consumer rights, but individual privacy rightsare not guaranteed. This means multi-national companies withlocations in the EU and/or UK may have a greater exposure foronline content, as well as data privacy. If your corporation has aglobal insurance policy, your exposures could be different from onecountry to another."

Another example of this dichotomy involves the use of onlineimages that may invade an individual’s right to privacy, Smithsaid. For instance, there are many EU privacy lawsuits involvingthe use of Google Earth satellite imagery technology,which essentially is a non-issue under U.S. law, where privacy isnot constitutionally protected, Smith said.

So how would insurance coverage respond to lawsuits arising fromthe Weiner scandal? Not well, Smith says. "Cyberliability programsdeal strictly with protected data. In the U.S., if the data is notprotected by federal or state law, the policy will not respond. Inthis case, Twitter would not have a remedy, unless under the mediaor professional liability insuring agreements of E&Ocoverage."

Because Twitter, Facebook and other social media sites donot collect "protected information" such as personally identifiableinformation like Social Security numbers or confidential healthdata, they are not subject to most state or federal privacy laws;they would be “off the hook” against an unauthorizedaccess claim from Rep. Weiner.

However, a defamation claim could be more feasible. Smithreferenced the landmark 2009 defamation and reputation damagelawsuit filed by a fashiondesigner against celebrity Courtney Love, which Love hassince settled but which legal types were hoping would go to trialto establish a precedent around social media liability. As itstands now, "people have been arrested under obscure state laws"for online defamation, hostile environment and cyber-stalking --none of which, if proven, are covered under current cyberliabiltyor employment practices liability policies, Smith says.

This means the insurance industry has some tweaking to do toprotect policyholders operating in the wild worldwide web.Establishing conduct exclusions, rethinking triggers undercyberliability policies and determining the extent towhich behavior falls under E&O policies could all play apart.

Things change so quickly in the online world that corporationsthat bought comprehensive cyberliability coverage only a few yearsago need to revisit their exposures in light of those changes, hesays. “A company that a year ago stated in their social mediapolicy that they didn’t want employees speaking on social media onbehalf of the company have recognized that sites suchas Linkedin can be useful business tools for marketingand are encouraging just that,” he says. “This changes not only thecompany’s IT security practices, but could require changes ininsurance coverage as well.”

Agents and brokers counseling their clients on cyberliabilityshould know that if the coverage was considered three or moreyears ago, it’s time to take another look at it. “Therisk appetite may not have changed, but coverage and pricinghave, as has the breadth of coverage now available,” Srail says.“It’s an issue that needs to be revisited on an ongoingbasis.”

In the meantime, the proverbial ounce of prevention can go along way in protecting corporations against the sort of woes Weineris experiencing. Smith suggests:

• Having a written social media policy, either in employeehandbook or as separate document, signed by employees;
• Training and monitoring employees on appropriate social mediause
• Ensuring that the C-suite is familiar with their owntechnology and meeting with IT, compliance and/or the chief privacyofficer;
• Developing a Data Breach Incident Response plan, stressinginternal control as the first line of defense; and
• Considing firewalls and/or blocking social media useduring office hours.