Michael A. Hamilton and Christopher J. DiIenno of Nelson Levine de Luca & Hamilton LLC discuss a case that pre-dates this blog but litigation over the insurer’s obligations has only recently resulted in an appellate ruling:
As more data breaches and information security events occur, the insurance industry will see more disputes over whether losses from these events are covered under commercial general liability (CGL) policies. In the latest round, the appellate court in Connecticut rejected the insureds’ attempts to seek coverage under a CGL policy for costs related to the response of a data breach of personal information.
In 2003, Recall Total Information Management, Inc. (Recall) agreed to transport and store computer tapes for IBM. Recall entered into a subcontract with Executive Logistics, Inc., (Ex Log) for transportation services. In 2007, a cart containing IBM’s computer tapes fell out of the back of an Ex Log van. Approximately 130 tapes, which included employment-related data, including Social Security numbers, birthdates, and contact information were taken from the roadside and never recovered. In order to provide legally required notice of the incident to the approximately 500,000 past and present IBM employees affected, IBM incurred more than $6 million in expenses for a call center and one year of credit monitoring. Recall sought indemnification from Ex Log after entering into a negotiated settlement with IBM. Ex Log (and Recall as an additional insured) sought coverage under a CGL policy issued by its carrier.
The court addressed the issue of whether the insurer had a duty to pay the notification costs under the “personal injury” section of the policy, in particular, coverage for injury caused by “publication of material that…violates a person’s right to privacy.” Plaintiffs alleged that the loss of the computer tapes was publication of the information to the thief.
Read more about the case and the court’s ruling on Lexology.
The case was Recall Total Information Management v. Federal Insurance Company. I’ve uploaded the opinion here (pdf).