Data breach here, date breach there, data breach everywhere? Every day we are learning about the importance of and risks associated with cybersecurity. Those risks are not limited to big corporations or even the private sector. Schools, of all levels, are increasingly faced with cybersecurity-related questions and potential for liability, and they are beginning to seek coverage for those risks. But educational institutions as policyholders have issues in addition to those affecting large, company-wide databases that are usually considered when procuring cyberinsurance policies. Educational institutions as policyholders must ensure that any coverage they procure covers these risks. READ MORE
Alison Roffi is Orrick's Deputy General Counsel and is located in the New York Office.
Alison is responsible for providing counsel on the Firm's global legal affairs, including advising on matters related to corporate governance, claims, contracts, insurance, ethics, and risk management. Alison is also a member of Orrick’s Risk Management Committee, focusing her efforts on risk awareness and prevention through risk management training, internal Firm publications, and risk management audits.
Prior to assuming the role of Deputy General Counsel, Alison was a litigator in the Firm's Complex Litigation and Dispute Resolution group. Alison represented audit firms and accountants in regulatory proceedings as well as civil disputes. She has experience managing and conducting large scale internal investigations, liaising with regulators, and managing cross-border risk and liability. In addition to professional liability cases, Alison also defended financial institutions in lawsuits alleging claims related to RMBS transactions following the global financial crisis. Her practice also focused on representing the interests of policyholders in their navigation of issues with their insurers regarding coverage, claims, and recovery.
Posts by: Alison Roffi
As previously discussed, the question of whether Commercial General Liability (“CGL”) coverage applies to cyber-attacks or data breaches is a hot point of contention between policyholders and insurers. One of our cases to watch in 2015—Zurich American Insurance Company v. Sony Corporation of America—may resolve this question in New York shortly.
On February 25, 2015, a hearing was held in a closely-watched New York appeal involving coverage under CGL policies for privacy claims filed in the wake of a data breach.Zurich American Insurance Company v. Sony Corporation of America is pending in the New York Supreme Court Appellate Division. The Sony parties are represented by Richard DeNatale and Steve Foresta of Orrick’s Insurance group. They are seeking coverage under a clause that appears in all standard CGL policies and covers claims for “publication, in any manner, of material that violates a person’s right of privacy.” The lower court ruled that there was no duty to defend because the alleged publication of information was perpetrated by the hackers rather than by the policyholder. In their appeal, the Sony parties argue that this ruling is contrary to the plain language of the insurance policies. The hearing on February 25 lasted about 30 minutes, with active questioning from the panel of five justices. A decision from the Appellate Division is pending.