Many non-cyber policies include data breach exclusions, but few cases have addressed their scope. In a recent case, a federal district court rejected an insurer’s broad interpretation of the term “data” as it was used in data breach exclusions in a multimedia liability policy. In Ellicott City Cable, the insurer contended that satellite television programming was “data” within the meaning of the exclusions. The court found the term ambiguous, construed the ambiguity against the insurer, and ruled that the underlying lawsuit triggered the insurer’s duty to defend. While the case did not involve a data breach, the decision demonstrates that data breach exclusions should be narrowly construed and also offers helpful guidance about interpreting the term “data” if it is undefined in a policy.
The underlying case involved a distribution arrangement between Ellicott City Cable and DirecTV, whereby Ellicott City Cable distributed satellite television programming to its customers. Apparently Ellicott City Cable was overzealous in serving its customers and allegedly distributed DirecTV’s programming beyond the scope of the contracts. DirecTV sued Ellicott City Cable, alleging that Ellicott City Cable fraudulently obtained and distributed DirecTV’s programming.
As previously discussed, the question of whether Commercial General Liability (“CGL”) coverage applies to cyber-attacks or data breaches is a hot point of contention between policyholders and insurers. One of our cases to watch in 2015—Zurich American Insurance Company v. Sony Corporation of America—may resolve this question in New York shortly.
On February 25, 2015, a hearing was held in a closely-watched New York appeal involving coverage under CGL policies for privacy claims filed in the wake of a data breach.Zurich American Insurance Company v. Sony Corporation of America is pending in the New York Supreme Court Appellate Division. The Sony parties are represented by Richard DeNatale and Steve Foresta of Orrick’s Insurance group. They are seeking coverage under a clause that appears in all standard CGL policies and covers claims for “publication, in any manner, of material that violates a person’s right of privacy.” The lower court ruled that there was no duty to defend because the alleged publication of information was perpetrated by the hackers rather than by the policyholder. In their appeal, the Sony parties argue that this ruling is contrary to the plain language of the insurance policies. The hearing on February 25 lasted about 30 minutes, with active questioning from the panel of five justices. A decision from the Appellate Division is pending.
Happy New Year! For a sneak peek at the developments the year may bring to the legal landscape for insurance policyholders, here are five cases worth watching in 2015:
- Fluor Corporation v. Superior Court (Hartford Accident and Indemnity Company), No. S205889 (Cal. filed Oct. 10, 2012)
The California Supreme Court likely will issue its long-awaited decision in Fluor and, in doing so, may overturn its controversial 2003 decision concerning the assignment of insurance policies to successor corporations in Henkel Corporation v. Hartford Accident and Indemnity Company, 29 Cal. 4th 934 (2003). If the Court overturns Henkel,California would join the majority of states that permit a successor corporation to recover under the predecessor’s liability insurance policies for pre-assignment liabilities, regardless of a “no-assignment” provision in the policies. The Fluor case has been fully briefed for more than a year, and many California attorneys expected the Court to issue its decision in 2014. In the interim, California Governor Jerry Brown has recently appointed two new justices to the Court, which some commentators believe may push the court in a more liberal direction and could affect the Court’s decision. READ MORE