Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications
  3. Marketing

View Article - King & Spalding

The following article is from National Underwriter’s latest online resource,
FC&S Legal: The Insurance Coverage Law Information Center.
The Insurance Coverage Law Information Center
MIND THE GAPS: PATH TO PRIVACY AND CYBER RELATED INSURANCE
COVERAGE REMAINS UNCERTAIN
By Anthony P. Tatum, Shelby S. Guilbert, and Andrew M. W. Mutter
In several high profile coverage cases over the past few years, policyholders and insurance companies have
battled over whether well-worn exclusions and coverage clauses in commercial general liability policies and
directors and officers policies allow coverage for a number of risks unique to the cyber information and
communication age. This article reviews cases that highlight the importance of carefully assessing risk and
reviewing company insurance policies to make sure significant gaps are closed and that the language of the
policies does not lend itself to “gotcha” denials by insurers when a company needs coverage most.
As lawsuits against companies for breach of privacy-related laws and cybersecurity failures continue to rise, the only thing that is certain
is that it is uncertain just how much coverage is out there under commercial general liability policies (“CGL”), directors and officers
(“D&O”) policies, and cyber policies. From these cases, a common theme has emerged—insurers, on the one hand, are retrofitting
old, broadly phrased exclusions originally designed for limiting different kinds of liability to deny coverage for claims arising out of
cyber incidents, while policyholders, on the other hand, are attempting to prove that the losses they face in the wake of a cyber or
privacy event are the same kinds of losses that D&O and CGL Policies were intended to cover. These cases highlight the importance
of carefully assessing your company’s risk and reviewing company insurance policies to make sure significant gaps are closed and the
language of the policies does not lend itself to “gotcha” denials by insurers when your company needs coverage most.
Los Angeles Lakers, Inc. v. Federal Insurance Co.
In Los Angeles Lakers, Inc. v. Federal Insurance Co.,1 the Lakers sought coverage from Federal under a D&O policy for a Telephone
Consumer Protection Act (“TCPA”) class action filed against it in 2013. The class action stemmed from a marketing campaign that
encouraged game attendants to text in to a posted number in order to have their texts displayed on the jumbo screen during the
games. Individuals that texted into the posted number received text messages back that they were charged for, allegedly in violation
of the TCPA. Although the trial court ultimately dismissed the suit, the Lakers settled on appeal and sought to obtain insurance
coverage for their defense costs from their D&O insurer.
After denying coverage, Federal successfully argued in federal district court that coverage was not available for the TCPA claim under
the D&O policy because the claim “arose out of” an “invasion of privacy.” The Lakers are currently appealing the decision to the
Ninth Circuit. The Lakers argument for coverage is essentially threefold: (1) the TCPA was enacted both out of concerns for privacy
and out of concerns of public nuisance; (2) the plaintiff in the underlying case specifically disclaimed any intent to seek a claim for
personal injury, which includes invasion of privacy; and (3) at a minimum, there is a possibility of coverage under this kind of situation,
so Federal had a duty to defend the entire suit.
National Union Fire Insurance Co. v. Dish Network LLC
In another TCPA case, National Union Fire Insurance Co. v. Dish Network LLC,2 Dish Network is struggling—and currently failing—to
consolidate declaratory actions filed by multiple insurers in jurisdictions across the country as its commercial general liability insurers
seek to avoid coverage for an up to $2 billion dollar TCPA suit brought by state and federal agencies pending against Dish Network in
the U.S. District Court for the Central District of Illinois. In particular, Dish Network’s would-be insurers claim the TCPA class action is
not covered under its commercial liability umbrella policies due to exclusions for bodily injuries, personal injuries, advertising injuries,
knowing violations, and intentional conduct.
Zurich American Insurance v. Sony Corp. of America
In the wake of the 2011 breach of Sony’s PlayStation platform, Sony was hit with 65 putative class actions and had damages estimated
as high as $2 billion. When Sony sought advertising injury coverage under its CGL policy for losses arising from the hackers’
“publication” of private consumer information, its insurers denied coverage and brought a declaratory action in New York Superior
Call 1-800-543-0874 | Email customerservice@nuco.com | www.fcandslegal.com
Court. In Zurich American Insurance v. Sony Corp. of America,3 the state trial court sided with the insurers and found that for coverage
to apply Sony itself, not the hackers, would have had to have published the private information. Critics of the decision have noted that
nothing in Sony’s CGL policy required that Sony was directly responsible for the publication, only that it was liable for it. After Sony
appealed the trial court’s decision on this ground, Sony and the insurers settled before that issue could be decided.
The Exclusions
Of course, the exclusions relied upon by insurers in Los Angeles Lakers and Dish Network began to appear in D&O and general
liability policies long before the dawn of the information age and the rise of new statutory and regulatory frameworks that were
implemented to address growing privacy concerns. Unfortunately for companies like Dish Network and the Los Angeles Lakers,
insurers often argue that these exclusions, which in some cases were drafted decades ago, bar coverage for TCPA lawsuits, even in
the absence of an express TCPA exclusion. Moreover, many cyber policies in the current marketplace that are meant to close gaps in
coverage found in D&O and CGL policies either explicitly exclude TCPA coverage, or have exclusions for intentional conduct or claims
arising out of advertising practices. Additionally, as illustrated in the Sony case, the availability of coverage under general liability and
D&O policies is usually disputed by insurers.
Cyber Breach Sources of Loss
In the wake of a cyber breach, the potential sources of loss are legion: companies face lawsuits from consumers, banks, and card
issuers, and other third parties, as well as costly government investigations and actions from the Federal Trade Commission, the
Federal Communications Commission, states attorneys general, and, recently, the Securities and Exchange Commission. This says
nothing of the losses suffered directly by a company, such as expenses for hiring public relations and cybersecurity consultants, loss
profits due to business interruption, damage to reputation, and irrecoverable damage to trade secrets, proprietary data, and other
intellectual property.
The TCPA itself is just one of the growing body of privacy related statutes that have been implemented at both the state and
federal level to address growing concerns over the use and protection of digital personal information. Like the TCPA, some of these
statutes impose statutory fines that can quickly add up to substantial liability. Indeed, some of the greatest costs to companies from
privacy related incidents can be from regulatory actions brought by state and federal agencies, where the cost to comply with the
investigation alone can be in the millions of dollars.
Conclusion
To protect itself against the risk of privacy liabilities, a company should carefully assess and prioritize its areas of vulnerability based
upon the nature of its business. A company should then engage legal counsel and its insurance broker to make sure that it’s CGL,
D&O, and cyber policies work together to give the company the appropriate coverage, and to avoid potential gaps in coverage.
Special attention should be given to establishing policyholder-favorable language in the terms, conditions, definitions, and exclusions
so as to limit insurers’ ability to limit claims on unexpected and technical grounds.
(Endnotes)
1.No. 14-CV-07743-DMG (C.D. Cal. 2015).
2. No. 1:15-cv-01053-RPM (D. Colo.).
3. N.Y. Sup. Ct. Feb. 21, 2014.
About the Authors
Anthony P. Tatum, a partner at King & Spalding and a member of the firm’s Business Litigation Group, focuses on
policyholder insurance coverage litigation, arbitration, and consultation, as well as other complex commercial disputes.
Mr. Tatum may be contacted at ttatum@kslaw.com.
Shelby S. Guilbert is a counsel in King & Spalding’s Business Litigation Group, where he represents businesses, financial
institutions, and policyholders in insurance recovery disputes, complex business disputes, and cross-border litigation.
Mr. Guilbert may be contacted at sguilbert@kslaw.com.
Andrew M.W. Mutter is an associate at King & Spalding and a member of the firm’s Business Litigation Practice Group,
representing businesses and corporations in government investigations and in complex commercial disputes, including
policyholder insurance coverage disputes and professional liability disputes. Mr. Mutter may be contacted at
amutter@kslaw.com.
This article was published in the January/February 2016 Insurance Coverage Law Report.
Call 1-800-543-0874 | Email customerservice@nuco.com | www.fcandslegal.com
For more information, or to begin your free trial:
• Call: 1-800-543-0874
• Email: customerservice@nuco.com
• Online: www.fcandslegal.com
FC&S Legal guarantees you instant access to the most authoritative and comprehensive
insurance coverage law information available today.
This powerful, up-to-the-minute online resource enables you to stay apprised
of the latest developments through your desktop, laptop, tablet, or smart phone
—whenever and wherever you need it.
NOTE: The content posted to this account from FC&S Legal: The Insurance Coverage Law Information Center is current to the date of its initial
publication. There may have been further developments of the issues discussed since the original publication.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding
that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice is required, the services of a competent
professional person should be sought.
Copyright © 2016 The National Underwriter Company. All Rights Reserved.
Call 1-800-543-0874 | Email customerservice@nuco.com | www.fcandslegal.com
Related documents
Green Management in high-tech industry:a case study of Sony Group
Green Management in high-tech industry:a case study of Sony Group
Global Data & Privacy Update
Global Data & Privacy Update
FIN 321 Principles of Risk Management and Insurance Insurance
FIN 321 Principles of Risk Management and Insurance Insurance
New York State Passes “Prior-Approval” Rate Increase Insurance Law
New York State Passes “Prior-Approval” Rate Increase Insurance Law
Based in Singapore, Sony Electronics Asia Pacific Pte. Ltd serves as
Based in Singapore, Sony Electronics Asia Pacific Pte. Ltd serves as
Rich Marty
Rich Marty
Clarifying Misinformation on TCPA David Safford, IBM Research, October, 2002 Introduction
Clarifying Misinformation on TCPA David Safford, IBM Research, October, 2002 Introduction
Download