Joshua Mooney of White and Williams discusses court rulings involving insurance coverage for data breaches:
…. General liability policies are the most popular candidate. The policies define “personal and advertising injury” in part as injury arising out of “oral or written publication, in any manner, of material that violates a person’s right of privacy,” as in ISO Form CG 00 01 12 07, Section V.17. Whether a data breach implicates personal and advertising injury coverage thus depends upon whether there has been a “publication” that violates the “right of privacy.” Easy? Well, no. These issues are not always straightforward.
You can read his article on The Legal Intelligencer, where he reviews a number of relevant court cases. As Mooney discusses, “The issue of whether data breaches involve a violation of a right of privacy has been litigated less.”