BreachExchange mailing list archives
Data breach covered under commercial general liability policy, court rules
From: audrey () riskbasedsecurity com (Audrey McNeil)
Date: Thu, 14 Apr 2016 16:52:11 -0600
http://www.ibamag.com/news/data-breach-covered-under-commercial-general-liability-policy-court-rules-30373.aspx A Monday court decision added a significant victory for insurance policyholders to an issue with very little existing case law. In an unpublished opinion, a panel of the Fourth Circuit ruled that Travelers Co. must defend medical records company Portal Healthcare against a claim that its failure to properly secure servers lead to a data breach in which unauthorized users were given access to private records. Travelers must settle the claim under the commercial general liability policy it extended to Portal Healthcare, the panel said. The ruling echoed the verdict of a Virginia district court, which held in August 2014 that CGL policies provide coverage for a data breach. The case in question involved patient records from Portal Healthcare being published on the Internet and made searchable by different search engines. Portal sought coverage under two policies which would require âTravelers to pay sums Portal becomes legally obligated to pay as damages because of injury arising from the âelectronic publication of material thatâ¦gives unreasonable publicity to a personâs private lifeâ or the publication of material that âdiscloses information about a personaâs private life.ââ Travelers and Portal disputed whether there was such injury, and what constituted âpublication.â Insurance companies have largely exempted coverage for data security breaches under new CGL policies, preferring to address those risks through specific cyber liability policies. However, the question of whether coverage exists for cyber incidents under older policies without such exclusions is still being decided in the courts. The insurance industry followed the issue closely, with two industry groups filing amicus briefs supporting Travelersâ appeal. The American Insurance Association and the Complex Insurance Claims Litigation Association said that coverage for cyber claims âcanât be shoehornedâ into standard CGL policy terms and said a âseparate, robustâ market exists for problems like those faced by Portal. By affirming the district courtâs decision, the trade groups wared the Fourth Circuit would âundermine the certainty and predictabilityâ intrinsic to the functioning of insurance markets. Attorneys defending Portal, however, argued that the existence of a cyber insurance market is irrelevant because the district court found room for coverage in the language of the Travelers policy. âIf a [general liability] insurer wants to push this type of risk into the cyber insurance realm, it needs to be clearer,â said attorney Tyler Gerking. Portal held two policies with Travelers covering electronic publication of certain materials from January 2012 to January 2014, court documents show. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160414/db8b9ad3/attachment-0001.html>
Current thread:
- Data breach covered under commercial general liability policy, court rules Audrey McNeil (Apr 14)