This post from the Information Law Group is interesting on a number of levels. In short, the post suggests that a general liability policy may not provide coverage for Internet data or privacy breaches for organizations. They may need to purchase specific policies covering those issues.
What about social networking by employees?
One of the risks for companies is that employees can purposely or not reveal personal or protected information through their blog, Twitter, Facebook etc. and that may subject the organization to damages for an Internet security breach. I wonder if specific policies that cover organizations for such issues will require certification on all employees that they have received training in appropriate use of social networking tools to mitigate the risks the employer and insurer would face for potential privacy breach?