Will Your Insurance Cover a Data Breach Arising from COVID-19? Review the Policy to Plan Your Claims Now

Mar 25, 2020 | Attorney Article

It has not escaped the notice of hackers and bad state actors who may work with them that millions of Americans are now working from home, increasing the targets for these actors exponentially. Insurance carriers are preparing the onslaught of privacy violation claims and have shown recently that they will strictly adhere to the language of the relevant policies in determining whether to provide coverage. Insured businesses should prepare for denials of coverage and two recent cases will help them fight and, in some cases, win.

Two cases decided in recent weeks have provided ammunition for policyholders to take on carriers who decline coverage or defense of claims, and may indicate that courts will have little patience, in this time of national emergency, with insurance carriers who attempt to deny coverage by engaging in semantics resulting from ambiguities in policies the carriers wrote.

On March 16, 2020 the Ninth Circuit, in Brighton Collectibles v. Lloyds, No. 18-56403, D.C. No.: 2:28-cv-01107, the court reversed the District Court’s finding that the carrier did not have a duty to defend a claim that the insured sold personal information in violation of California’s Song-Beverly Credit Card Act. The carrier relied upon an exclusion for publishing by the business, despite another provision of the policy that provided coverage for injury arising from publication of information that violates a person’s right of privacy. The Ninth Circuit held that the insurer’s reliance upon the distinction between “publication” and “publishing” would effectively eliminate all coverage for any violation of privacy, which would be contrary to the express provision of privacy coverage in the text of the policy.

Four days later, on March 20, 2020 the Appellate Court of Illinois, First District, 2020 IL App (1st) 191834, employed similar logic in its opinion in West Bend Mutual Insurance Company v. Krishna Schaumberg Tan, Inc., et. al., Here the carrier denied coverage for a claim that Krishna disclosed fingerprints to a vendor without the data subject’s consent in violation of the state’s Biometric Information Privacy Act. The carrier brought an action for a declaration that it owned no duty to defend the action because of an exclusion for injury arising from violation of statutes “that govern … methods of sending material of information,” though the policy also contained a provision that afforded coverage for “publication of material that violates a person’s right of privacy.” “Publication” was not defined in the policy and the court, reading the policy as a whole, agreed with the policyholder that the provision of fingerprints to the vendor was a publication that triggered coverage because “undefined terms will be given their plain, ordinary and popular meanings.” The exclusion, on the other hand, was phrased to indicate that the statutes in the exclusion covered methods of sending information, not privacy violations from the content of that information and thus did not preclude coverage.

While two cases do not necessarily indicate a judicial trend they indicate that in this time of national emergency courts will have little patience for carriers’ reliance on internally inconsistent policies and semantics to deny coverage. Policyholders should review their insurance policies with counsel now to prepare to contest such denials.

If you would like assistance in reviewing your insurance picture with regard to potential losses arising from COVID-19, please contact Kenneth N. Rashbaum or Marc Dedman.



Identify the Business Risks from COVID-19 to Manage Them (MAR 05, 2020)
Can a Virus Spread from Your Employees to the Company’s Computers? Preparing the Company for Secure Remote Work (MAR 06, 2020)
Coronavirus Could Impact Your Business—But Will Your Insurance Policy Cover the Loss? (MAR 09, 2020)
Deciding Whether to Assert That Coronavirus Excuses Contract Nonperformance (MAR 10, 2020)
When Prepping for COVID-19, Don’t Forget About Laws Not Typically Associated with Office Workers (MAR 11, 2020)