Insurance Coverage for Biometrics Risks

Andrew Zarkowsky


January 11, 2022

A person holds their thumb up to a computerized display that reads their thumbprint, producing other images from the data, including a face, a government building, and a lock, implying the print is unlocking this information.

From data breaches to false positives, biometrics technology businesses face different liabilities and risks. Matching a business' unique risk with the appropriate coverage is critical. This includes looking at contracts for potentially insurable provisions such as waiver of subrogation, additional insured interests and use of binding arbitration or mediation. For example, a technology manufacturer may need additional coverage to mitigate exposure should a distributor partner become liable for a distribution issue. Or a technology distributor may want to be included as an additional insured on the tech maker’s insurance policy to help mitigate the risk should a product issue occur.

These provisions could come into play when an adverse event is allegedly the result of both user error and product malfunction. The party that signed away their rights to properly allocate responsibility could find themselves defending a claim they were not solely responsible for.  Expectations around biometrics are evolving, so it can be difficult to foresee all the consequences of a failure. This is where the insurance broker relationship is vital. Working with an experienced professional who understands the risks involved, businesses can ensure that they have the proper coverage and protection for their technology advancements. 

Other questions that need to be addressed include:

  • Is the insured providing their solution as software-as-a-service (SaaS)?
  • How will coverage respond to loss of connectivity if a cloud service provider goes down?
  • What is the service-level agreement with the cloud service provider (CSP)?

Technology Errors and Omissions (E&O)

Customers pay a lot for biometrics hardware, software and consulting expertise. But what if expectations are not met? For example, a new installation may have bugs, or the customer could suffer different issues as biometric software gets installed such as network delays, lost income and increased costs. Technology E&O insurance can help by protecting businesses from errors, omissions, negligence and product failures.

Also known as technology professional liability insurance, technology E&O helps cover an insured’s lawsuits, legal fees, court costs, attorney fees, administrative costs, and settlements and judgments. For example, if a computer software company develops a new product that damages a client’s computer system and costing thousands in repairs, technology professional liability insurance can help cover the costs associated with a potential claim against the computer software company for the errors in the software.

While technology professional liability insurance and technology E&O are the same and provide coverage for errors, omissions, mistakes, and negligence in technology services or products provided, they differ from data breach and cyber liability insurance.


Data breaches are increasing in frequency and severity and the public is more concerned about identity theft, so companies using biometric data must proceed with caution, even if the state where their business is located does not have biometric privacy laws.

Cyber insurance helps businesses if they lose private customer data, but biometric companies should also consider both first- and third-party protections. These help cover costs related to system failures, network interruption, voluntary shutdowns, forensics, cyber terrorism and cyber deception/social engineering fraud.

Data breach insurance and cyber liability insurance can help cover the costs associated with data security breach, and include identity protection solutions, public relations, legal fees and liability. For example, if a software company that has been storing payment information for customers in their computer system for years unexpectedly has their systems hacked and credit card information was stolen, customers can respond by filing claims against the company. Data breach and cyber liability insurance can then help cover the costs associated with those claims.

In another example, if a manager of a technology company forgot to lock his office door, and a thief wanders in and steals the personal information of hundreds of customers, the customers can file claims against the technology company. Data breach and cyber liability insurance will also help cover the costs associated with those claims.

Unauthorized Collection of Personal Information

Privacy is a key risk of biometric technology that is evolving along with related laws. When evaluating coverage needs, insurers should know where and how the company obtained all their information.

There are two ways biometric companies can gather data: Voluntary enrollment, which has a lower privacy risk and should include signed written consent; and involuntary collection, which can violate state laws that require explicit consent. An example of involuntary collection is pulling data from social networks. Companies that host customer data also take on a privacy risk, so it is important to look at how the company stores and protects the data.

Insurance that can respond to these kinds of risks includes liability for unauthorized collection of personal information and coverage for fines and penalties related to a cyber breach.

Product Liability

A biometrics enterprise can also be held liable for products that are deemed faulty or do not perform to expectations. For example, customers may sue if the biometrics technology they purchase for security purposes delivers a false negative that allows a known bad actor to access a safe space or fails to detect a shoplifter who steals expensive merchandise.

Product liability insurance can help cover the legal and court costs of defending any such claims. Without product liability coverage, a biometric business could have to pay out of pocket for costly claims related to product defects, including design defects that existed before the product was made or manufacturing defects that occur during production. Whether a small business or larger company, many biometrics producers can benefit from product liability coverage including manufacturers, retailers, and wholesale and distribution businesses.

Any stage of production can lead to defects that can put a biometrics company at risk. Additional coverages provided by product liability insurance include strict liability (a customer gets hurt by a manufacturers’ product) even if the business owner is not found negligent, and improper warning (when a business owner does not give customers enough warning on proper use of a product). Without this coverage, a business would have to pay for these costs out of pocket, and not every business has the resources to cover product liability laws.

False Arrest

Facial recognition can mistakenly identify suspects and provide a false accusation, potentially leading to a false detention and arrest. A general liability insurance policy can help if this happens. Businesses may also need to extend their coverage to address the consequences of a false negative or positive identification resulting from a cyber breach.

It is important to remember that general liability insurance can not only help cover the costs to respond to a claim that a business caused property damage or bodily injury, but can also assist with claims of reputational harm resulting from malicious prosecution, slander, libel, wrongful eviction, and violating a person’s privacy, as well as advertising injuries such as copyright right infringement from a business’ ads. This type of insurance can also help pay for medical expenses, repair costs, legal costs, and judgments and settlements from a lawsuit.

Andrew Zarkowsky is technology industry practice leader at The Hartford. His focus is on underwriting execution inclusive of growth, profit and product innovation for the technology industry. He has nearly 20 years of experience in underwriting technology companies.