Q1. What is a Public Liability claim?

It is a written demand for money (“damages” or “compensation”) based on the assertion that some act or failure by you, or your organisation, has resulted in injury or damage to the claimant or his/her property. It is not the same as a complaint or request, but may result from the same incident.

Q2. What should I do if I get a claim?
  • First, acknowledge the letter, without commenting on the contents.
  • Then check whether you are covered by any of your insurances. This may be a specific Public Liability or Combined Liability policy or it may be included as part of a Household or Business policy, so do check. If you are covered, or if you are not sure, inform your insurers or brokers.
  • Always comply with any instructions they give or you may invalidate your policy.
  • If you are not insured, you may be able to investigate and deal with the claim yourself, or you may wish to seek help from a professional. They should be able to give you some initial advice to enable you to decide whether to engage their services.
Q3. Do you work for claimants or defendants?
  • JHM Risk Management Services primary function is to provide services for those needing to defend claims.
  • However, investigations are essentially neutral and can conducted on behalf of either side.
  • See also “Investigations and Services for Solicitors”.
Q4. Are your services necessary if I have liability insurance cover?
  • Perhaps! You may have an insurer who gives first class personalised service, making anything else superfluous, but many people find they need someone to act as go-between, to chase up their insurer, to interpret what their insurers say to them, or to hold their insurer to account, so as to get better value for money for their premiums.
  • Most of my best work has been done working in conjunction with insurers. Cooperation rather than conflict has been my main experience.
  • Some insurers find it helpful to have someone with relevant knowledge and experience whom they can deal with on behalf of their client, especially where the client does not have the time or ability to deal with all their questions as promptly as is needed.
  • You may find some or all aspects of your claim are not covered and so your insurer is unable to help resolve them.


Q1. What is the link between risk management and insurance?
  • Insurance is a means of managing some of the financial effects of risk. It is important to remember:
  • The need to manage the underlying causes
  • Not all risks can or should be insured
  • Good risk management helps reduce the cost of insurance.
Q2. What risks do we have to manage?
  • These are many and varied. No list could cover them all.
  • For a general description of each of the main 12 categories, go to HERE
  • For growing businesses see my article at HERE
Q3. What are the biggest risks?
  • That depends entirely on your business and on your particular circumstances.
  • A growing but neglected class of risks are those around data protection. See separate section of FAQs on Data Protection.
Q4. Are there any risks you cannot manage?
  • Some things, such as the weather and national events are beyond the control of most of us
  • Even if you cannot prevent something, you can mitigate its effects by having a recovery plan for instance.


Q1. Who is Responsible for Data Protection AND can you transfer this responsibility?
  • A lot of people still seem to think that Data Protection is a matter for their IT manager. In fact the buck really does stop with the man, or woman, at the top. There may be disciplinary repercussions for the IT manager or whoever else caused the breach, but the primary responsibility lies with the business owner.
  • Similarly, a lot of people think that if they outsource IT services or even payroll, accountancy, or other services, the responsibility for the data involved will transfer to the business providing the service.
  • This is all untrue. The Act places all the responsibility on the business whose data it was in the first place, defined as the “Data Controller”. The other business is defined as the “Data Processor”. Changes have been introduced which will allow the authorities to fine the Data Processor as well, but they will not remove the burden from the Data Controller.
  • If you have written your contracts carefully enough, you may be able to obtain some compensation from the business actually responsible for the data breach, but that will probably be after you have been prosecuted and fined
Q2. Do I Offer IT Solutions When I Offer Data Protection Services?

I do not. I would like you to think about the following points.

  • In a recent survey IBM found that 40% of data breaches were caused by human error and that another 35% were caused maliciously, leaving IT issues a poor third.
  • Having great IT security does not stop people leaving laptops on trains or printouts on photocopiers, just as great physical security is ineffective if staff forget to lock doors.
  • It is too easy to find that you cannot see wood for trees if you get too involved in the details of IT systems without stepping back and looking at the big picture.
  • Once an issue has been identified it is often possible for the client’s existing IT provider, internal or external, to resolve it.
  • Where the client agrees that an IT solution is required, I have several highly competent IT experts whom I can call upon for advice or support.
  • It is very easy to spend a lot of money on improving your IT when all you really need is to use your existing hardware and software properly and to establish realistic but secure procedures for everyone in the business to follow online and offline.


01925 445215


07726 490639



I'm Social