privacy risk resource hub
Privacy risk is surging for businesses of all sizes
Wrongful Collection Litigation is accelerating fast in nearly every sector. Leverage this hub of resources to master the basics of wrongful data collection and help your clients recognize, reduce, and respond to privacy liability risks.
KNOW THE RISK
77% of wrongful collection claims originated from website tracking
Small businesses aren't immune
Nearly 60% of web privacy claims were reported by businesses with less than $100 million in revenue.
Plaintiffs’ attorneys drive losses
Four law firms were responsible for 72% of all web privacy claims against businesses.
Old laws fuel new claims
Nearly three-fourths of web privacy lawsuits cited the California Invasion of Privacy Act of 1967.
Uncover the emerging risk hiding in plain sight
Coalition's groundbreaking State of Web Privacy Report examines nearly 200 claims and scans of over 5,000 business websites to reveal where exposure is hiding and how you can help your clients get ahead of this evolving risk.
A Surprisingly Simple Guide to Wrongful Collection
How Privacy Litigation Impacts Small and Midsize Businesses
Debunking 4 Myths Around Wrongful Collection
FAQ
Still have questions about privacy risk? Get in touch with one of our experts.
What is wrongful collection?
Wrongful collection occurs when a business improperly gathers or shares personal data not due to a hack or breach, but through normal operations. Common examples include using tracking pixels, chat features, or analytics tools without getting proper consent first. If a website collects data without informing visitors, shares it with third parties without their permission, or uses it for purposes beyond what its privacy policy states, that's wrongful collection.
How does wrongful collection fit within broader privacy liability risks?
Many brokers use "wrongful collection" to describe any privacy claim that isn't a data breach, but it's actually more specific. Wrongful collection is about improperly gathering data in the first place. Privacy liability is bigger, as it includes using data for the wrong purposes, sharing it without permission, keeping it too long, or failing to delete it when requested. Each of these actions can trigger a lawsuit on its own, no breach required.
What are pixel tracking technologies, and why do 
businesses use them?
Pixels are invisible bits of code on websites that track what visitors do, like which pages they visit or what they click. The Meta (Facebook) Pixel is the most common, but Google, TikTok, LinkedIn, and other platforms have them too. Marketing teams love pixels because they show if ads are working and help target the right customers. The problem is, these pixels start collecting and sharing data the second someone visits a website, often before they can provide consent. Even worse, they sometimes accidentally capture and share sensitive information. This automatic data sharing is what creates wrongful collection risk.
Why is wrongful collection and privacy liability risk increasing?
There are several factors contributing to this increase. New tracking technologies, such as pixels and session recording tools, are becoming more commonplace, and new privacy laws and regulations are constantly emerging. But the biggest driver in the United States is an increasingly active plaintiffs' bar. Class action attorneys are using automated tools to scan websites for violations, then bringing lawsuits under both new and existing laws. With statutory damages that can reach thousands per violation and the potential for massive class actions, even minor violations have become targets for litigation.
Can small businesses face wrongful collection lawsuits?
Yes. Contrary to popular belief, it's not just large companies being targeted. We've seen wrongful collection claims hit SMBs across all industries, with settlement demands often reaching six figures even for businesses under $100M in revenue. Even small companies without dedicated compliance teams need to be aware of this risk and take proactive steps to protect themselves.
UNDERSTAND THE COVERAGE
Unclear coverage is risky — help clients avoid coverage gaps by knowing what to look for
Exclusions, vague policies, and too-good-to-be-true coverage can leave you guessing what’s actually protected. Use the resources in this section to evaluate policies with confidence and help ensure proper protection.
Privacy Liability Claims Examples
Navigating Privacy Liability Coverage Guide
A Surprisingly Simple Guide to Wrongful Collection
FAQ
Still have questions about privacy liability coverage? Get in touch with one of our experts.
Is coverage for privacy liability and wrongful collection automatically included in every cyber policy?
Not necessarily. While nearly all cyber policies include some form of privacy liability coverage, the scope varies wildly. Some policies only cover privacy breaches tied to data breaches or security failures, while others might exclude specific technologies or claim triggers. Even when coverage exists, it may come with a restrictive sublimit. It’s important to explicitly confirm that the policy covers wrongful collection from normal business operations, not just privacy violations from hacks or breaches.
How does Coalition approach privacy liability coverage?
Coalition takes a two-pronged approach to privacy liability coverage. Our flagship Active Cyber Policy includes our broadest definition of privacy liability in the base coverage. However, the base policy includes exclusions for claims arising out of BIPA (biometric) and pixel tracking.
For an additional premium, we offer the Enhanced Privacy Liability Endorsement that removes exclusions around BIPA (biometric) and pixel tracking. This endorsement is available up to full policy limits, at underwriting discretion. The result? Meaningful coverage for the practices driving today's wrongful collection lawsuits.
What do underwriters look for when evaluating higher limits?
When brokers request higher limits on the Enhanced Privacy Liability Endorsement, Coalition evaluates the business's privacy controls and practices. Depending on the nature and risk profile of the business, we may look for appropriate consent mechanisms (opt-in or opt-out) and privacy practices more generally. Some higher-risk businesses may need to provide additional documentation about their privacy programs. The goal is to match coverage limits to actual risk while ensuring businesses have the meaningful protection they need.
ADD VALUE FOR CLIENTS
Give your clients the insight they need to protect against evolving privacy risks
Use these resources to guide your client conversations around privacy risk, or share them directly to help clients take control.
Privacy Best Practices for Small & Midsize Businesses Checklist
Privacy Policy Template
Best Practices to Avoid a Wrongful Collection Event
Refer your clients for discounted legal services
Coalition has partnered with Mullen Coughlin, a law firm focused on helping businesses avoid and respond to data privacy events. Refer your clients for a free consult and engagement at a discounted rate.
FAQ
Still have questions about adding value and advising your clients on privacy risk? Get in touch with one of our experts.
Which types of businesses should brokers prioritize for wrongful collection coverage?
Any business with a website needs to consider this risk, but it's especially critical for those in healthcare, finance, e-commerce, and digital media. While B2C companies are the most common targets for litigation, don't overlook B2B businesses — especially those running digital marketing campaigns.
When is the best time to bring up wrongful collection with clients?
Three key moments: during any cyber renewal, when a client mentions adding new website features or marketing tools, and when privacy laws change in their state. Also flag this for any client in healthcare, finance, or e-commerce - they face higher exposure and often don't know it.
How can brokers help clients reduce their wrongful collection exposure?
Start with Coalition's Cyber Risk Assessment, which is included with every policy. It now has a dedicated section on privacy exposures that shows clients exactly what tracking technologies they have installed, when their privacy policy was last updated, and other key privacy risks. This gives clients concrete data about their exposure they likely don't know about. For additional guidance and resources, share Coalition's Privacy Best Practices for Small & Midsize Businesses, which contains practical guidance informed by claims data.
active privacy protection
A picture of privacy risk informed by data no one else has
By combining real-time scanning of privacy exposures, proactive alerts on legal trends, and actionable guidance delivered through Coalition Control®, we help your clients address privacy issues before they become lawsuits, giving you the competitive edge that comes from proactive protection.
Detect trackers and data sharing
We scan for third-party pixels, cookies, and tracking technologies that collect visitor data — often deployed without legal's knowledge.
Identify missing consent mechanisms
We verify consent banners are properly implemented, functioning correctly, and compliant with state and international requirements.
Extract and parse privacy disclosures
We analyze privacy policies to identify outdated language, missing disclosures, and inconsistencies with actual data practices.
Identify session recording risks
We flag screen recording and replay tools that capture every click, keystroke, and form entry — a growing source of privacy litigation.
View and advise on your clients’ privacy exposures
Included with every quote, Coalition’s Cyber Risk Assessment (CRA) provides a privacy health score and list of privacy findings for each domain associated with an organization. Review top exposures with your clients and discuss opportunities to improve privacy controls.
