(216) 609-3940
SandRun Risk
  • Home
  • What We Do
    • Risk Management
    • Insurance Claims
    • Insurance Archaeology
  • Blog
  • About
    • Team
    • Our Company
    • Articles
  • Contact

Data Breach Covered Under Traditional Policy, 4th Circuit Says               By Jeffrey Davis, Quarles & Brady, LLP  

5/8/2016

0 Comments

 
As a risk management consulting firm, we have extensive relationships with many coverage lawyers, underwriters, insurance industry experts, brokerage firms, and other professionals.   From time to time, we will include blogs from our relationships on the SandRun Risk website.  Today, we include a blog from Jeffrey Davis, a partner with Quarles and Brady.  We hope that you enjoy it!

***************************************************************************************************

Insurance coverage for data breach incidents is a hot topic in the insurance world. Nowhere is it hotter than in the area of newly created specialty cyber policies designed specifically to cover such incidents—what do these policies cover, when should they be purchased and how much coverage should be obtained are questions we routinely encounter. But a Fourth Circuit decision decided April 11 serves as an important reminder that more “traditional” general liability policies should not be overlooked in the unfortunate event that one finds oneself facing liability for a data breach.
 
The case, Travelers Indemnity v. Portal Healthcare Solutions, LLC, was an action by Travelers seeking a declaration that it had no duty to defend its insured, Portal, in an underlying class action alleging negligence by Portal in inadvertently allowing healthcare records of its patients to be accessible over the internet. The policy issued by Travelers was a fairly standard commercial general liability (“CGL”) policy, which included personal and advertising injury coverage for, among other things, “electronic publication of material that gives unreasonable publicity to a person’s private life.” Travelers claimed that the allegations that the records were allowed to be made available on the internet was not a “publication.”
 
The Fourth Circuit had little trouble rejecting this argument, finding that the “publication” requirement was satisfied since the allegations, if proven, meant that “any member of the public with an internet connection could have viewed the plaintiffs’ private medical records during the time the records were available online.”
 
In so concluding, the court aligned itself with the few lower-level courts considering this issue and, given the prominence of the issuing court (the first federal appellate court to decide this issue) perhaps breathed additional life into the notion that CGL coverage is potentially available in these types of cases. One issue that was not addressed, because it was apparently not at issue, was whether such coverage exists when the publication is made by a third party, e.g. a hacking incident which triggers third party lawsuits against the hacked party.
 
Two years ago, in the highly publicized Sony Playstation data breach case, a New York lower court denied coverage on such grounds (though notably the court ruled that the hacking incident did result in a “publication” even though the hackers were the only ones, at least at that point, who had the data). That case settled before an appellate ruling was made. So the “third party hacker” issue may continue to linger (though its rationale is open to attack as it does not appear to be based on policy language). Other issues include the scope of protection under such policies, e.g., for fines, investigations, etc., and the increasing prevalence of exclusions for cyber liability.
 
Simply put, it would be an enormous mistake to view this decision as any kind of insurance cure-all—or a reason to avoid purchasing cyber insurance (if the need to do so otherwise exists).  Nonetheless, the decision does at least provide helpful precedent in what are largely uncharted waters in the event general liability coverage is needed as a source of recovery for a data breach claim.
 
0 Comments



Leave a Reply.

    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    Archives

    May 2022
    December 2021
    September 2021
    August 2021
    July 2021
    June 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    June 2017
    May 2017
    March 2017
    December 2016
    November 2016
    October 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    June 2015
    May 2015
    April 2015
    March 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    May 2014
    April 2014
    March 2014

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    RSS Feed

What We Do.

Risk Management
Insurance Claims
Insurance Archaeology

Blog.

About.

Team
Our Company
Articles

Contact.

Legal.

Privacy
Terms of Use
 
Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | info@sandrunrisk.com