• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

McCarter & English Logo

  • People
  • Services
  • Insights
  • Our Firm
    • Leadership Team
    • Social Justice
    • Diversity, Equity & Inclusion
    • Pro Bono
    • Client Service Values
    • Alumni
  • Join Us
    • Lawyers
    • Summer Associates
    • Patent Professionals
    • Professional Staff
    • Job Openings
  • Locations
    • Boston
    • Philadelphia
    • East Brunswick
    • Indianapolis
    • Stamford
    • Hartford
    • Trenton
    • Miami
    • Washington, DC
    • New York
    • Wilmington
    • Newark
  • Share

Share

Browse Alphabetically:

  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • I
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • Q
  • R
  • S
  • T
  • U
  • V
  • W
  • X
  • Y
  • Z
  • All
Bankruptcy, Restructuring & Litigation
Blockchain, Smart Contracts & Digital Currencies
Business Litigation
Cannabis
Coronavirus Resource Center
Corporate
Crisis Management
Cybersecurity & Data Privacy
Delaware Corporate, LLC & Partnership Law
Design, Fashion & Luxury
E-Discovery & Records Management
Energy & Utilities
Environment & Energy
Financial Institutions
Food & Beverage
Government Affairs
Government Contracts & Global Trade
Government Investigations & White Collar Defense
Healthcare
Hospitality
Immigration
Impact Investing
Insurance Recovery, Litigation & Counseling
Intellectual Property
Labor & Employment
Life Sciences
Manufacturing
Products Liability, Mass Torts & Consumer Class Actions
Public Finance
Real Estate
Renewable Energy
Sports & Entertainment
Tax & Employee Benefits
Technology Transactions
Transportation, Logistics & Supply Chain Management
Trusts, Estates & Private Clients
Venture Capital & Emerging Growth Companies
  • Broadcasts
  • Events
  • News
  • Publications
  • View All Insights
Search By:
Insights Publication Magazine Stack
Main image for Fourth Circuit Finds Insurer Must Defend Data Breach Claims Against Its Insured Under Its Standard CGL Policy
Publications|Alert

Fourth Circuit Finds Insurer Must Defend Data Breach Claims Against Its Insured Under Its Standard CGL Policy

Cybersecurity & Data Privacy Alert

4.13.2016

Commercial General Liability policies have, for several decades, included advertising and personal injury coverage. Such coverage is afforded for injury caused by various enumerated offenses, including breach of privacy. Although the precise terms of CGL policies vary, under some policies covered offenses include publication of material that discloses information about, or gives unreasonable publicity to, a person’s private life. What it means to advertise or publish often gives rise to disputes between insurers and their policyholders, with insurers often arguing that these terms require widespread and intentional dissemination of information by a policyholder. On April 11, 2016, the Fourth Circuit Court of Appeals held otherwise, concluding that when private data can be retrieved from the Internet, it constitutes “publication,” triggering an insurer’s duty to defend even where there is no allegation that the policyholder publicized the data and/or that the data was actually accessed by the public. As Joe Fields, the Insurance Coverage Group’s Special Counsel reported to Law360 (Insurance), the ruling bolsters policyholders’ claims for coverage given the Court’s express finding that, when private data can be retrieved from a public server, there has been a publication.

When patients found their private medical records online following their own Google search, they filed a class action lawsuit against Portal Healthcare Solutions, LLC, alleging that Portal was liable for posting confidential medical records on the Internet. Portal sought a defense from its insurer, Travelers Indemnity Co. of America, who instead sued Portal in the Eastern District of Virginia (No. Civ. 1:13-cv-917 (GBL)), seeking a declaration that it owed no coverage to Portal for the class action. Both Portal and Travelers moved for summary judgment as to Travelers’ defense obligations. Travelers argued that “publication” involved more than placing the private information before the public, noting that no third party was alleged to have viewed the information. The District Court observed that publication was not a defined term in Travelers’ policies. They provided, however, that Travelers was legally obligated to pay damages due to injury arising from (1) the “electronic publication of material that … gives unreasonable publicity to a person’s private life” (the language found in the 2012 policy) or (2) the “electronic publication of material that … discloses information about a person’s private life” (the language found in the 2013 policy). The Court explained that under Virginia law, the duty to defend is broader than the duty to indemnify, and observed that an insurer’s coverage obligations can be discerned by comparing its policy’s provisions to the allegations of the complaint. In so doing, the District Court explained that the policies contain two relevant prerequisites to coverage. First, the policies require an electronic publication of material. Second, they require that the published material give “unreasonable publicity” to, or “disclose” information about, a person’s private life. Using this framework, the Court found that publication occurs when information “is placed before the public” and that the policies contained no requirement that third parties access it. The District Court therefore granted Portal’s motion for summary judgment.

The Fourth Circuit affirmed in a written opinion adopting the reasoning of the District Court. The Court of Appeals noted the “sound legal analysis” employed by the District Court, and explained that Travelers’ efforts to parse alternative dictionary definitions of publication could not absolve it of its duty to defend Portal. The Court of Appeals, indeed, reminded that when construing insurance policies’ terms, courts must resolve all doubt as to their meaning in favor of an interpretation which grants coverage, not withholds it.

The takeaway here is that all companies should evaluate the extent to which their insurance programs contain data breach coverage before an actual or suspected breach occurs. Notwithstanding the Fourth Circuit’s ruling, law in this area remains fact-specific and mixed. Moreover, some insurers have issued policy endorsements limiting personal and advertising injury coverage for offenses relating to breach of privacy and disclosure of confidential information. Many insurers also offer cyber policies and endorsements to respond to these types of risks. If you have questions or concerns, McCarter & English’s Cybersecurity and Data Privacy Task Force is happy to help. McCarter & English’s Insurance Coverage Group also regularly reviews insurance policies to evaluate the scope of existing coverage relative to cybersecurity and data breach risks.

sidebar

pdfemail

Related People

Adam Budesheim
Gregory H. Horowitz
Anthony Bartell
Scott S. Christie
Joann M. Lytle
Sherilyn Pastor
Thomas W. Ladd
Steven H. Weisman

Related Services

Cybersecurity & Data Privacy
Insurance Recovery, Litigation & Counseling
Subscribe to our Insights
McCarter & English, LLP
Copyright © 2023 McCarter & English, LLP. All Rights Reserved.
  • Login
  • Attorney Advertising
  • Privacy
  • Awards Methodology
  • Contact
  • Subscribe
  • Sitemap

The McCarter & English, LLP website is for informational purposes only. We do not provide legal advice on this website. We can provide legal advice only to our clients in specific inquiries that they address to us. If you are interested in becoming a client, please contact us, but do not send any information about your specific legal question. We cannot serve as your lawyers until we establish an attorney-client relationship, which can occur only after we follow procedures within our firm and after we agree to the terms of the representation.

Accept Cancel