Coverage Disputes Over Data Breaches . . . (as summarized by HB Litigation Conferences)
On July 15, 2009, I gave a presentation regarding insurance coverage for data breaches for my friends at HB Litigation Conferences, along with Tim Delahunt and Arturo Perez-Reyes. Tom Hagy (yes, the “H” in “HB”) wrote a really nice blog post discussing and summarizing the content of the teleconference, which you can find by clicking here.
Tom opens the piece with a provocative title and subtitle, asking:
Coverage Disputes Over Data Breaches . . .
. . . A Deluge or a Dud?
With hundreds of laws governing data privacy and the potential for billions of dollars in damages, you can’t help but think that insurance coverage disputes are about to fall on courts like confetti.
Maybe yes; maybe no.
Either way, companies need to pay as close attention to their insurance policies as they do their data protection policies.
Tom then gives a nice summary of the introduction and overview regarding potential insurance coverage for data breaches that I provided to the conference attendees:
Speaking on HB’s July 15 teleconference – “Private Data Breaches: Insurance Coverage Implications & Prevention” – policyholder counsel Scott Godes [formerly] of Dickstein Shapiro told listeners that, despite what insurance counsel might say, “don’t write off your existing coverage” if looking for protection. He also said to know the window of time to get your notice in quickly to get your insurer “to partner up with you,” and to consider new cyber-security coverage – but “know its limitations.”
Tom also featured some of the fascinating data points that my co-presenter Arturo Perez Reyes provided on this burgeoning area of liability:
Co-presenter Arturo Perez Reyes said California alone has 81 separate privacy laws, and there are hundreds of laws outside the U.S. If you lose records, you will have to tell everyone that you lost them, he said, “essentially notifying a whole class of potential plaintiffs.”
There was a 44% increase in data losses last year that resulted in $50B in losses, Reyes reported, adding that nine million people were affected by identification theft.
“The concept of a firewall is a joke,” Reyes declared.
Tom also highlighted some back and forth between me and co-presenter Tim Delahunt:
Godes criticized insurance company arguments against coverage for data theft arising from failures on the part of the policyholder’s systems. “If there is no failure to maintain proper authentication and no failure of data security measures, there would be no potential liability and no lawsuits,” he said. “And if there never was a failure of proper authentication and never was a failure of data security, I suppose insurance companies would be thrilled because they would get your insurance premiums and nothing ever goes wrong.”
Co-presenter Timothy Delahunt of Kenney, Shelton, Liptak & Nowak called this a “classic policyholder complaint – that insurance companies issue coverage then deny it.”
“The analogue is that courts will find coverage when they need to, to satisfy an underlying liability. Do I think the facts and policy language have changed?” Delahunt asked. “By and large no. Could the coverage landscape change as underlying liability expands? I believe that’s possible.”
For the rest of the analysis and the post, click here. And thanks, of course, to Tom and HB Litigation Conferences for the write-up!
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only to the individual contributor(s). © All rights reserved. 2009.
Very interesting post and analysis. Makes me think of yet more things to focus upon to get the coverages needed.
I would like to gather any white papers available on this subject. The exposure to all types of clients is quite large and yet most clients do not seem to understand the exposure and are not actively investigating coverage alternatives.
John, if you’re interested in white papers on the subject, click here: https://corporateinsuranceblog.com/2009/06/17/insurance-coverage-for-cyber-security-losses/