NEWS & EVENTS

Data Breach Coverage Under a CGL Policy

10/07/2014

Hardly a day goes by without news of another company hit by a “data breach.” Target, Michaels, Home Depot, Jimmy John’s, JP Morgan, the list goes on and on. A data breach can be financially devastating to a company, particularly where that breach leads to a lawsuit by the affected parties. This reality has companies scrambling to understand what insurance coverage, if any, they may have for such a loss. One common form of insurance policy carried by almost every company is a commercial general liability (“CGL”) policy. The following are 10 key considerations to keep in mind when evaluating the existence of coverage for a data breach claim under a CGL policy:

  1. A CGL policy covers claims for “property damage,” which means physical damage to tangible property not, according to many courts, loss of intangible data.
  2. A CGL policy excludes coverage for “property damage” to property in the care, custody or control of the insured which, according to some courts, includes data an insured maintains.
  3. A CGL policy covers claims for “personal and advertising injury,” including publication of material that violates a person’s right of privacy, which under the right circumstances might encompass a data breach claim.Data_Breach_Top_10_CGL_Larson_King
  4. A CGL policy excludes coverage for “personal and advertising injury” arising out of a breach of contract, which might encompass a data breach claim where there is a contractual agreement to maintain the privacy and security of the data
  5. Most CGL policies only cover “property damage” that occurs during the policy period or “personal and advertising injury” that is caused by an offense committed during the policy period.
  6. Many CGL policies issued after 2001, in defining “property damage,” provide that electronic data is not tangible property.
  7. Many CGL policies issued after 2004 include an exclusion under the “property damage” portion of the policy for damages arising out of the loss of use of electronic data.
  8. Many CGL policies issued after 2007 include an exclusion for “personal and advertising injury” arising out of any violation of federal, state or local law that addresses or prohibits the dissemination of information, which might encompass a data breach claim under some circumstances.
  9. Most of the current CGL policies contain even broader exclusions, most of which are yet to be tested by the courts, aimed at completely eliminating any coverage for data breach claims.
  10. Read your policy to see what it actually says, because policy language can differ from insurer to insurer and year to year.

Download this Top Ten list as a PDF.

For more information contact John Bjorkman or David Linder

        

jbjorkman@larsonking.com
phone 651-312-6511
fax 651-312-6618
tollfree 1-877-373-5501
Download V-Card

         dlinder@larsonking.com
phone 651-312-6507
fax 651-312-6618

tollfree 1-877-373-5501
Download V-Card

Larson • King’s Cyber Risk Management and Cyber Liability practice

At Larson • King, we have made it our business to study and understand the growing threat of cyber-liability to our clients in the financial services, insurance, retail, and healthcare sectors. This deep understanding, coupled with our experience as pioneers in the defense of companies in areas where the standards and regulatory environment is new and constantly evolving makes us uniquely suited to the area of cyber risk. Read more.

<< Back to News