Insurance Coverage for Data Breaches and Privacy Violations: Are...
Transcript of Insurance Coverage for Data Breaches and Privacy Violations: Are...
![Page 1: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/1.jpg)
Insurance Coverage for Data
Breaches and Privacy Violations: Are Your
Corporate Clients Adequately Protected? Evaluating and Determining Coverage Under CGL, D&O, E&O and Specialty Cyber Policies
Today’s faculty features:
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
TUESDAY, MAY 19, 2015
Presenting a live 90-minute webinar with interactive Q&A
Roberta D. Anderson, Partner, K&L Gates, Pittsburgh
Joshua A. Mooney, Partner, White and Williams, Philadelphia
William T. Um, Policyholder Counsel, Hunton & Williams, Los Angeles
![Page 2: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/2.jpg)
Tips for Optimal Quality
Sound Quality
If you are listening via your computer speakers, please note that the quality
of your sound will vary depending on the speed and quality of your internet
connection.
If the sound quality is not satisfactory, you may listen via the phone: dial
1-866-927-5568 and enter your PIN when prompted. Otherwise, please
send us a chat or e-mail [email protected] immediately so we can
address the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing Quality
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again.
FOR LIVE EVENT ONLY
![Page 3: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/3.jpg)
Continuing Education Credits
For CLE purposes, please let us know how many people are listening at your
location by completing each of the following steps:
• In the chat box, type (1) your company name and (2) the number of
attendees at your location
• Click the SEND button beside the box
In order for us to process your CLE, you must confirm your participation by
completing and submitting an Official Record of Attendance (CLE Form) to
Strafford within 10 days following the program.
The CLE form is included in your dial in instructions email and in a thank you
email that you will receive at the end of this program.
Strafford will send your CLE credit confirmation within approximately 30 days of
receiving the completed CLE form.
For additional information about CLE credit processing call us at 1-800-926-7926
ext. 35.
FOR LIVE EVENT ONLY
![Page 4: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/4.jpg)
Program Materials
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the ^ symbol next to “Conference Materials” in the middle of the left-
hand column on your screen.
• Click on the tab labeled “Handouts” that appears, and there you will see a
PDF of the slides for today's program.
• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.
FOR LIVE EVENT ONLY
![Page 5: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/5.jpg)
Insurance Coverage for
Data Breaches and
Privacy Violations: Are
Your Corporate Clients
Adequately Protected?
May 19, 2015
STRAFFORD LIVE CLE WEBINAR
Presenters:
Roberta D. Anderson
Joshua A. Mooney
William T. Um
![Page 6: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/6.jpg)
William T. Um
Insurance Recovery Counsel
Hunton & Williams LLP
Roberta D. Anderson
Insurance Coverage &
Cybersecurity Partner
K&L Gates LLP
Joshua A. Mooney
Insurance Coverage &
Cyber Law Partner
White and Williams LLP
rdardardarrrrr
rdardardarrrrr
rdardardarrrrr
rdardardarrrrr
INTRODUCTIONS
6
![Page 7: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/7.jpg)
AGENDA Spectrum of Cyber Risk & Its Legal/Regulatory Framework
Trends in Data Breach Litigation and Liabilities
Target to Sony Pictures, & Expanding Regulatory Scrutiny
Defense Strategies
The Target Settlement
Potential Coverage Under “Legacy” Policies
Property Damage, Privacy, and Publication
The Sony Settlement
Specialty “Cyber” Policies
Third-Party Cyber Risks
First-Party Cyber Risks
Coverage Issues
Hypothetical Situations
Audience Q&A
7
![Page 8: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/8.jpg)
Roberta Anderson
K&L Gates
8
![Page 9: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/9.jpg)
• Malicious Attacks
– Advanced Persistent Threats
– Social Engineering
– Viruses, Trojans, DDoS attacks
• Data Breach/Unauthorized Access
• Software Vulnerability
(HeartBleed)
• System Glitches
• Employee Mobility
• Lost or Stolen Mobile and Other
Portable Devices
• Vendors/Outsourcing
(Function, Not the Liability)
• The Internet Of Things
• Human Error
“[T]here are only two types of companies: those that have been
hacked and those that will be. And even they are converging
into one category: companies that have been hacked and will be
hacked again.” - Robert S. Mueller, III
Director, FBI
SPECTRUM OF CYBER RISK
9
![Page 10: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/10.jpg)
K L G A T E S . C O M 10
![Page 11: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/11.jpg)
11
![Page 12: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/12.jpg)
Source: Ponemon Institute 2014 Cost of Data Breach
Study – Global
PRACTICAL RISK AND EXPOSURE
12
![Page 13: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/13.jpg)
Source:
Ponemon Institute LLC
Cost of Data Breach Study:
Global Analysis
(May 2014)
13
![Page 14: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/14.jpg)
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 14
![Page 15: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/15.jpg)
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 15
![Page 16: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/16.jpg)
LATEST LEGAL AND REGULATORY DEVELOPMENTS
• Federal Cybersecurity/Data Privacy Laws
– HIPAA/HITECH
– GLBA
– FTC Act
• State Cybersecurity/Data Privacy Laws/Consumer Protection
Statutes
– 47 States, D.C., & U.S. Territories Breach Notification Laws
– State Security Standards (MA, CA, CT, RI, OR, MD, NV)
• NIST Cybersecurity Framework
• Industry Standards, e.g., PCI DSS
• SEC Cybersecurity Risk Factor Guidance
– FCC Act
– FCRA/FACTA
16
![Page 17: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/17.jpg)
NIST Cybersecurity Framework—provides a common taxonomy and
mechanism for organizations to:
Describe their current cybersecurity posture;
Describe their target state for cybersecurity;
Identify and prioritize opportunities for improvement within the context of a
continuous and repeatable process;
Assess progress toward the target state;
Communicate among internal and external stakeholders about cybersecurity
risk.
The Framework is voluntary (for now)
NIST CYBERSECURITY FRAMEWORK
17
![Page 18: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/18.jpg)
NIST Unveils Cybersecurity Framework,
http://www.klgates.com/nist-unveils-cybersecurity-framework-02-17-2014/
85% of security
budgets
currently go here
According to
Gartner:
By 2020, 75% of
security budgets will
go towards detection
and response
18
NIST CYBERSECURITY FRAMEWORK
![Page 19: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/19.jpg)
“PCI DSS provides a baseline of technical and operational
requirements designed to protect cardholder data.”
19
PCI DSS
![Page 20: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/20.jpg)
“[A]ppropriate disclosures may include”:
“Discussion of aspects of the registrant's business or operations that give rise to
material cybersecurity risks and the potential costs and consequences”;
“To the extent the registrant outsources functions that have material cybersecurity
risks, description of those functions and how the registrant addresses those risks”;
“Description of cyber incidents experienced by the registrant that are individually, or
in the aggregate, material, including a description of the costs and other
consequences”;
“Risks related to cyber incidents that may remain undetected for an extended
period”; and
“Description of relevant insurance coverage.”
SEC CYBERSECURITY
Cybersecurity: Five Tips to Consider When Any Public Company Might be the Next Target,
http://media.klgates.com/klgatesmedia/epubs/GBR_July2014/
20
![Page 21: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/21.jpg)
“We note that your network-security insurance coverage is
subject to a $10 million deductible. Please tell us whether
this coverage has any other significant limitations. In
addition, please describe for us the 'certain other coverage'
that may reduce your exposure to Data Breach losses.”
Target Form 10-K (March 2014)
SEC CYBERSECURITY
21
![Page 22: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/22.jpg)
“We note your disclosure that an unauthorized party was
able to gain access to your computer network 'in a prior
fiscal year.' So that an investor is better able to understand
the materiality of this cybersecurity incident, please revise
your disclosure to identify when the cyber incident occurred
and describe any material costs or consequences to you as
a result of the incident. Please also further describe your
cyber security insurance policy, including any material limits
on coverage.”
Alion Science and Technology Corp. S-1 filing (March 2014)
SEC CYBERSECURITY
22
![Page 23: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/23.jpg)
“Given the significant cyber-attacks that are occurring with
disturbing frequency, and the mounting evidence that
companies of all shapes and sizes are increasingly under a
constant threat of potentially disastrous cyber-attacks,
ensuring the adequacy of a company's cybersecurity
measures needs to be a critical part of a board of director's
risk oversight responsibilities . . . .
Thus, boards that choose to ignore, or minimize, the
importance of cybersecurity oversight responsibility, do so
at their own peril.”
Luis Aguilar, SEC Commissioner, speech given at NYSE June 10, 2014
SEC CYBERSECURITY
23
![Page 24: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/24.jpg)
24
FTC CYBERSECURITY
![Page 25: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/25.jpg)
25
FTC CYBERSECURITY
![Page 26: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/26.jpg)
William T. Um
Hunton & Williams
Joshua Mooney
White and Williams 26
![Page 27: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/27.jpg)
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
Speed of lawsuit filings after breach notification
Plaintiffs’ continuing struggle to allege compensable damages –
standing issues
“Fear of identity theft” as potential damage claim
Class certification issues
Statutory violations as potential damages
New type of claims beyond claims against financial institutions
and retailers
Growth area for lawyers?
27
![Page 28: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/28.jpg)
TARGET – watershed moment for executives
Consumer/Derivative Class Action Lawsuits
Target 2014 Earnings Report
Net Expense: $145 million
Gross Expense: $191 million
Insurance Receivables: $46 million
“I don’t see how they’re getting out of this for under a billion, over
time.”
-- John Kindervag, V.P. and Principal Analyst, Forrester Research
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
28
![Page 29: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/29.jpg)
THE TARGET SETTLEMENTS
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
29
![Page 30: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/30.jpg)
Class Actions Consumers and Employees
Increased Risk of Identity Theft, Credit Monitoring Costs
Loss of Value of PII
Statutes (CCRA, CoMIA), Invasion of Privacy
Negligence, State Unfair Trade Practices Acts
Financial Institutions Target settles with MasterCard for $18 million
Non-Financial Institution/Retailer Actions Theft of trade secrets/intellectual property
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
30
![Page 31: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/31.jpg)
Expanding Regulatory Scrutiny
FTC In re Wyndam Hotels
SEC Materiality for disclosures
FCC In re Terracom, Inc.: FCC exercising its regulatory authority
of telecommunication carrier
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
31
![Page 32: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/32.jpg)
Defense Strategies: Article III Standing
Standing:
A plaintiff must allege an actual injury or one
that is concrete and imminent, i.e., “concrete
and particularized,” and
Causation – traceability of the alleged injury to
the breach
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
32
![Page 33: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/33.jpg)
Actual Injury
Forgiven fraudulent or reimbursed charges are not actual
injuries
Galaria v. Nationwide Mut. Ins. Co.
Threat or increased risk of identity theft are not an actual
injuries
In re Science Applications Int’l Corp.
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
33
![Page 34: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/34.jpg)
Imminent Injury
Increased risk of identity theft is not enough
“[Plaintiffs] claim that they are 9.5 times more likely than the
average person to become victims of identity theft. That
increased risk, they maintain, in and of itself confers standing.
But as Clapper makes clear, that is not true. The degree by which
the risk of harm has increased is irrelevant — instead, the
question is whether the harm is certainly impending.”
-- In re Science Applications Int’l Corp.
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
34
![Page 35: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/35.jpg)
Imminent Injury
Even Risk with “rational” fear is not enough
“[I]t is reasonable to fear the worst in the wake of such a [data]
theft, and it is understandably frustrating to know that the safety
of your most personal information could be in danger. The
Supreme Court, however, has held that an “objectively
reasonable likelihood” of harm is not enough to create standing .
. . Plaintiffs thus do not have standing based on risk alone, even
if their fears are rational.”
-- In re Science Applications Int’l Corp.
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
35
![Page 36: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/36.jpg)
Imminent Injury
Costs of credit-monitoring services, alone, is not enough
“The cost of guarding against a risk is an injury sufficient to
confer standing only if the underlying harm the plaintiff is
seeking to avoid is itself a cognizable Article III injury.”
-- Remijas v. The Nieman Marcus Group LLC
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
36
![Page 37: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/37.jpg)
Imminent Injury
Concrete and Particularized Injury
-- Was the PII targeted?
“Not only did the hackers deliberately target Adobe's servers, but
Plaintiffs allege that the hackers used Adobe's own systems to
decrypt customer credit card numbers. ... Indeed, the threatened
injury here could be more imminent only if Plaintiffs could allege
that their stolen personal information had already been
misused.”
-- In re Adobe Sys Inc. Privacy Litig.
TRENDS IN DATA BREACH
LITIGATION AND LIABILITIES
37
![Page 38: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/38.jpg)
Joshua Mooney
White and Williams
Roberta Anderson
K&L Gates 38
![Page 39: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/39.jpg)
COVERAGE A: “PROPERTY
DAMAGE” a. Physical injury to tangible property, including all resulting
loss of use of that property. All such loss of use shall be
deemed to occur at the time of the physical injury that
caused it; or
b. Loss of use of tangible property that is not physically
injured. All such loss of use shall be deemed to occur at the
time of the “occurrence” that caused it.
Financial Institution Litigation:
Does the loss of use of credit/debit cards and the need to
replacement them constitute “property damage” under
CGL policies?
39
![Page 40: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/40.jpg)
COVERAGE B: “PERSONAL
AND ADVERTISING INJURY”
Coverage B provides coverage for damages because of
“personal and advertising injury”
Personal and Advertising Injury” is defined in part as injury
arising out of “[o]ral or written publication, in any manner, of
material that violates a person’s right of privacy
40
![Page 41: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/41.jpg)
COVERAGE B: “A PERSON’S
RIGHT OF PRIVACY”
Some courts hold that “privacy” means both the right of secrecy
(publicity to private life) and the right to be left alone (intrusion
upon seclusion)
Some courts hold that “privacy” only means the right of secrecy
and does not include the right to be left alone
41
![Page 42: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/42.jpg)
Courts Interpret “Publication” Differently.
Some require dissemination to the public at large
Some merely require dissemination to a third party
Some do not require dissemination at all
COVERAGE B: “PUBLICATION”
42
![Page 43: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/43.jpg)
Recall Total Information v. Federal Ins. Co.
“Regardless of the precise definition of publication, we believe that
access is a necessary prerequisite to the communication or
disclosure of personal information. In this regard, the plaintiffs have
failed to provide a factual basis that the information on the tapes was
ever accessed by anyone.”
COVERAGE B: “PUBLICATION”
43
![Page 44: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/44.jpg)
Travelers Indem. v. Portal Healthcare Solutions
“Publication occurs when information is ‘placed before the
public,’ not when a member of the public reads the information
placed before it. By Travelers’ logic, a book that is bound and
placed on the shelves of Barnes & Noble is not ‘published’ until a
customer takes the book off the shelf and reads it. . . . [This] does
not comport with the term’s plain meaning, and the medical
records were published the moment they became accessible to
the public via an online search. ”
COVERAGE B: “PUBLICATION”
44
![Page 45: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/45.jpg)
Zurich Am. Ins. Co. v. Sony Corp., No. 651982/2011
(N.Y. Supr. Ct. Feb. 21, 2014)
Must the Insured do the Publishing
Publication is akin to “Pandora’s Box”
Phrase “in any manner” does not alter meaning of
“publication”
SONY CORP
45
![Page 46: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/46.jpg)
POTENTIAL LIMITATIONS
46
![Page 47: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/47.jpg)
ISO states that “when this endorsement is attached, it will result in a reduction of coverage due to the deletion of an exception with respect to damages because of bodily injury arising out of loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.”
POTENTIAL LIMITATIONS
47
![Page 48: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/48.jpg)
48
POTENTIAL LIMITATIONS
![Page 49: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/49.jpg)
Directors' and Officers' (D&O)
Errors and Omissions (E&O)/Professional Liability
Employment Practices Liability (EPL)
Fiduciary Liability
Crime
Retail Ventures, Inc. v. National Union Fire Ins. of Pittsburgh, Pa., 691 F.3d 821
(6th Cir. 2012) (DSW covered for expenses for customer communications, public
relations, lawsuits, regulatory defense costs, and fines imposed by Visa and
Mastercard under the computer fraud rider of its blanket crime policy)
Property
Commercial General Liability (CGL)
COVERAGE UNDER OTHER
“LEGACY” POLICIES
49
![Page 50: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/50.jpg)
Roberta Anderson
K&L Gates
50
![Page 51: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/51.jpg)
KLG ATES .COM back
REMEMBER THE
SNOWFLAKE
![Page 52: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/52.jpg)
• Privacy and Network Security
– Generally Covers Third-Party Liability Arising from Data Breaches and Other Failures to
Protect Confidential, Protected Information, as well as Liability Arising from Security
Threats to Networks, e.g., Transmission of Malicious Code
– Questions:
– Coverage for the Acts, Errors, Omissions of Third Parties, e.g., Vendors?
– Coverage for Data in the Care, Custody, Control of Third Parties, e.g., Cloud Providers?
– Coverage for Proliferating and Expanding Privacy Laws/Regulations?
– Coverage for Data in Any Form, e.g., Paper Records?
– Coverage for Confidential Corporate Data, e.g., Third-Party Trade Secrets?
– Coverage for “Rogue” Employees?
– Coverage for Wrongful Collection of Data?
– Coverage for TCPA Violations?
THIRD-PARTY COVERAGE
52
![Page 53: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/53.jpg)
• Regulatory Liability
– Generally Covers Amounts Payable in Connection with Administrative or Regulatory
Investigations
– Questions:
– Coverage for Fines and Penalties?
– Coverage for Consumer Redress Funds?
– Regulatory Exclusion Carve Backs?
– Sufficient Sublimit?
• PCI-DSS Liability
– Generally Covers Amounts Payable in Connection with PCI Demands for Assessments,
Including Contractual Files and Penalties, for Alleged Non-compliance with PCI Data
Security Standards
THIRD-PARTY COVERAGE
53
![Page 54: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/54.jpg)
• Media Liability
– Generally Covers Third-Party Liability Arising from Infringement of Copyright and Other
Intellectual Property Rights, and Torts Such as Libel, Slander, and Defamation Arising
from the Insured's Media Activities, e.g., Broadcasting and Advertising
– Questions:
– Coverage for “Rogue” Employees?
– Coverage for Media Content in Any Form, e.g., Printed Publications, or Limited to Digital
Media Content?
– Coverage Limited to Certain Locations of Media Content Display, e.g., on the Insured's
Website or Social Media Sites?
– Coverage for Liability Arising out of the Insured's Own Advertising Activities?
– “Occurrence”-Based or Claims Made Coverage?
– Appropriate for Media Companies?
THIRD-PARTY COVERAGE
54
![Page 55: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/55.jpg)
• Third-Party Bodily Injury and Property Damage ~$100M [T]his policy will drop down and pay Loss caused by a Security Failure [a failure or
violation of the security of a Computer System that: (A) results in, facilitates or fails
to mitigate any: (i) unauthorized access or use; (ii) denial of service attack; or (iii)
receipt, transmission or behavior of a malicious code] that would have been covered
within an Underlying Policy, as of the inception date of this policy, had one or more
of the following not applied:
A. a Cyber Coverage Restriction [a limitation of coverage in an Underlying
Policy expressly concerning, in whole or in part, the security of a Computer
System (including Electronic Data stored within that Computer System)];
and/or
B. a Negligent Act Requirement [a requirement in an Underlying Policy that
the event, action or conduct triggering coverage under such Underlying
Policy result from a negligent act, error or omission].
DIC COVERAGE
55
![Page 56: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/56.jpg)
KLG ATES .COM
AVOID THE TRAPS
56
![Page 57: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/57.jpg)
57
![Page 58: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/58.jpg)
POLICY EXAMPLE 1
58
![Page 59: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/59.jpg)
POLICY EXAMPLE 2
59
![Page 60: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/60.jpg)
POLICY EXAMPLE 2
60
![Page 61: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/61.jpg)
61
![Page 62: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/62.jpg)
62
POLICY EXAMPLE 1
![Page 63: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/63.jpg)
63
POLICY EXAMPLE 1
![Page 64: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/64.jpg)
64
POLICY EXAMPLE 2
![Page 65: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/65.jpg)
65
POLICY EXAMPLE 2
![Page 66: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/66.jpg)
66
POLICY EXAMPLE 3
![Page 67: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/67.jpg)
67
POLICY EXAMPLE 3
![Page 68: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/68.jpg)
68
![Page 69: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/69.jpg)
69
POLICY EXAMPLE 1
![Page 70: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/70.jpg)
70
POLICY EXAMPLE 1
![Page 71: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/71.jpg)
71
POLICY EXAMPLE 2
![Page 72: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/72.jpg)
72
POLICY EXAMPLE 2
![Page 73: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/73.jpg)
73
![Page 74: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/74.jpg)
Any member of the “Control Group.” e.g., CEO, CFO ,RM, CRO, CIO, GC
74
POLICY EXAMPLE
![Page 75: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/75.jpg)
![Page 76: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/76.jpg)
76
POLICY EXAMPLE 1
![Page 77: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/77.jpg)
77
POLICY EXAMPLE 2
![Page 78: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/78.jpg)
78
POLICY EXAMPLE 3
![Page 79: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/79.jpg)
Request a “Retroactive Date”
of at Least a Year
79
![Page 80: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/80.jpg)
BEWARE THE
FINE
REMEMBER THE DEVIL IS IN THE DETAILS
80
![Page 81: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/81.jpg)
EXPOSURE.
YOUR.
UNDERSTAND AND COMMUNICATE.
81
![Page 82: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/82.jpg)
William T. Um
Hunton & Williams
82
![Page 83: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/83.jpg)
SPECIALTY “CYBER” POLICIES
– FIRST PARTY Information Asset Coverage
Coverage for damage to or theft of the insured’s own systems and
hardware, and may cover the cost of restoring or recreating stolen or
corrupted data.
Legal Fees – notification
Network Interruption And Extra Expense (and CBI)
Coverage for business interruption and extra expense caused by
malicious code , DDoS attacks, unauthorized access to, or theft of,
information, and other security threats to networks.
83
![Page 84: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/84.jpg)
Extortion Coverage for losses resulting from extortion (payments of an
extortionist’s demand to prevent network loss or implementation of a
threat)
Crisis Management/Public Relations
Costs to retain PR/Crisis Mgmt firm to protect and to restore
policyholder’s reputation
Credit Monitoring/call center expenses
84
SPECIALTY “CYBER” POLICIES
– FIRST PARTY
![Page 85: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/85.jpg)
Each legacy policy has its own coverage issues
Different products in the market
New insurance products can fill gaps
Need to evaluate the nature of risks for which coverage is needed
Need to tailor policies to actual cyber operations and dependencies
Need to make it part of an entire insurance
program
85
TIPS FOR A SUCCESSFUL
PLACEMENT
![Page 86: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/86.jpg)
86
![Page 87: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/87.jpg)
FIRST COVERAGE DISPUTE
INVOLVING CYBER POLICY? Travelers Property v. Federal Recovery Services, Inc.
District Court for the District of Utah (May 11, 2015)
“CyberFirst” Policy
No duty to defend policyholder
Precedent setting?
Sign of things to come?
87
![Page 88: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/88.jpg)
OTHER EMERGING COVERAGE
ISSUES Appointment of Defense Counsel/Forensics Panel
The Duty to Cooperate
Misrepresentation/Concealment in the Underwriting
Retroactive date
Reimbursement of Defense Costs
Other Insurance
Fraudulent or stretched claims
88
![Page 89: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/89.jpg)
HYPOTHETICAL #1
A Company with third-party cyber insurance, but not
first-party insurance, suffers a data breach. The GC
does not want to hire counsel or ascertain its notification
requirements, believing notification = litigation.
89
![Page 90: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/90.jpg)
HYPOTHETICAL #2
Company obtains cyber insurance, providing during the
application and underwriting process evidence of
security protocols, DPPs with employees and DPAs with
vendors. The company suffers a data breach. While
providing crisis management response coverage, the
insurer learns that data and security protocols were
openly ignored or did not exist.
90
![Page 91: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/91.jpg)
HYPOTHETICAL #3
A Company has its computer systems seized receives a
ransom demand to wire $20,000 within 5 hours or else
its data will be deleted.
The Company pays within the hour, but prior to
reporting to the Insurer
The Company has no coverage, refuses, and the data
is lost, shutting down its business.
91
![Page 92: Insurance Coverage for Data Breaches and Privacy Violations: Are …media.straffordpub.com/products/insurance-coverage-for... · 2015-05-18 · Continuing Education Credits For CLE](https://reader035.fdocuments.net/reader035/viewer/2022070801/5f0291537e708231d404e857/html5/thumbnails/92.jpg)
HYPOTHETICAL #4
Company’s website publishes unflattering content and
the company is sued for defamation. The insured has
both media coverage under cyber insurance and a CGL
policy issued by another carrier.
92