After the Fourth Circuit held that a commercial general liability (“CGL”) policy could cover a data incident in 2016, confusion arose as to whether CGL policies would continue to cover data breaches. A recent California lawsuit by the smart-TV maker Vizio against two of its insurance companies shows that this confusion also arises when an insured invokes CGL policies to cover litigation arising from alleged data misuse.
Continue Reading Somebody’s Watching Me: A Recent Smart-TV Lawsuit Seeks Insurance Coverage for Privacy Litigation
Dykema
Not All Violation of Statutes Exclusions Are Created Equal
Coverage litigation relating to liability claims arising out of the Illinois Biometric Information Privacy Act (“BIPA”) has been relatively non-existent. One reason for this may be insurers’ reasonable conclusion that an exclusion introduced in 2006 in response to litigation arising under the Telephone Consumer Protection Act (“TCPA”) applies to this new genre of privacy litigation. That exclusion, generically referred as the Violation of Statutes Exclusion, was the insurance industry response to decisions from around the country finding that TCPA violations qualified as “personal injury” under liability policies. The exclusion evolved over time and now includes a catch-all provision that applies to violations of federal or state statutes or ordinances or regulations other than the enumerated statutes referenced in the exclusion—the TCPA, the CAN-SPAM Act of 2003 and the Fair Credit Reporting Act (“FCRA”). The Illinois court’s opinion in Westbend Mutual Insurance Ins. Co. v. Krishna Schaumburg Tan, Inc., 2020 Ill.App.(1st) 191384, is an example of how important the wording of that catch-all provision is for insurers seeking to rely on it to exclude coverage for BIPA violations.Continue Reading Not All Violation of Statutes Exclusions Are Created Equal
Maryland Court Orders Insurance Company to Pay Ransomware Damages Under Businessowner’s Policy
The United States District Court for the District of Maryland recently held that an insurer must cover an insured’s costs to replace its computer systems following a ransomware attack. The case, National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, Civ. No. SAG-18-2138 (D. Md. January 23, 2020), contains lessons for business and insurance companies going forward.
Continue Reading Maryland Court Orders Insurance Company to Pay Ransomware Damages Under Businessowner’s Policy
Policyholder Win Under Crime Policy for Social Engineering Scam
Sophisticated cyber crimes have been of great interest in the insurance world for the past decade, but relatively low-tech schemes are also a risk to policyholders and to insurers. Tricking an employee to transfer funds to an unauthorized account is a scam that existed prior to wide-spread use of email and the Internet. For example, the fraudster calls the bank employee, pretending to be his supervisor, authorizing a payment to be made ASAP, or a seller provides “updated” information for a wire transfer at a real estate closing, and the title company sends the funds to the wrong account. More recently, perpetrators of these types of social engineering tricks have made use of email to deliver fake payment instructions, and have infiltrated company or employee accounts to obtain necessary credentials or to create the impression of authority. Depending on the facts of a claim and the terms of specific insurance contracts, policyholders who are the victims of such scams may seek coverage under cyber liability policies or under traditional lines such as crime / fidelity and general liability.
Continue Reading Policyholder Win Under Crime Policy for Social Engineering Scam
Federal Court Rejects Effort to Skirt a Policy’s Claims-Made-and-Reported Requirement
While courts on some issues may seem bent on finding coverage, there are some notable exceptions. Courts generally have faithfully applied claims-made-and-reported provisions even when an insured has had continuous coverage. An Arkansas federal district court recently did just that when it concluded that a school district failed to give its insurer timely notice of a claim under consecutive claims-made-and-reported policies.Continue Reading Federal Court Rejects Effort to Skirt a Policy’s Claims-Made-and-Reported Requirement
All Stop: Ruling on the Applicability of Exclusion to BIPA Claims Delayed
The fallout from the Illinois Supreme Court’s January 25, 2019, opinion in Rosenbach v. Six Flags Entertainment Corp., 19 IL 12316, continues. Rosenbach settled the dispute of who qualifies as an “aggrieved person” under the Illinois Biometric Information Privacy Act (“BIPA”), and in doing so opened the floodgates for this litigation to proliferate. The immediate result was a sharp increase in the filing of BIPA class actions as well as the lifting of stays of the numerous cases pending that were awaiting the Rosenbach ruling.
Continue Reading All Stop: Ruling on the Applicability of Exclusion to BIPA Claims Delayed