Dave, this is a big stretch of the intent of the coverage. In this age of cyber attacks and vulnerability of businesses, the courts may not like the results of their ruling since companies will react and not offer coverage to insured’s they formerly had no problem with. Excess/Surplus lines here they come.
wait – i’m confused. why would companies not offer coverage when they could just adopt “ISO endorsements deleting invasion of privacy-related offenses from the definition of personal and advertising injury applicable to Coverage B and addressing access or disclosure of confidential or personal information”?
wouldn’t carriers just keep writing these risks and require the iso endorsement the article indicated was being used now to ensure carriers aren’t liable if these situations happen again??
Agent, the court’s ruling isn’t a stretch at all. The definition of personal and advertising injury is pretty clear in regards to oral or written publications as they pertain to a persons right to privacy. Unless Traveler’s had an exclusion on the policy that the court is ignoring and the article is not mentioning. I find it hard to believe Traveler’s intent was not to provide coverage in a situation like this. If they did not intend to provide coverage…wow…someone is in big trouble!
In addition, this case has nothing to do with cyber attacks or vulnerability. Although, I suppose having staff that makes this kind of mistake could be considered a vulnerability, I’ll grant. The paragraph titled Publicity Arguement states pretty clearly that Portal placed the private information online. The title of the article is a little misleading by calling this a data breach…I wouldn’t call this a breach.
Dave, I don’t know. I wouldn’t have expected it to be their intent; but, they did not exclude it. Regardless, given the clarity of the unendorsed form, I don’t believe the court can rule in favor of Traveler’s based on an intent stated after a claim was filed. From what little information we have, there is no indication that Traveler’s had any intent to exclude coverage, only the conjecture of we armchair quarterbacks. Are you suggesting the contract should be ignored in favor of Traveler’s stated intent after a claim has occurred?
April 13, 2016 at 5:21 pm
Dave says:
Like or Dislike:
5
0
I see your point Bill. Insurance being contacts of adhesion means any ambiguity will be found against the party who wrote the contract, hence the insurer. It should, be obvious the intent to cover is not there. It;s why there are separate cyber liability policies available. The industry probably needs to rewrite the policy to remove the ambiguity which I’m sure will be done quickly.
April 14, 2016 at 3:39 pm
insurance_guy says:
Like or Dislike:
4
0
Travelers’ intent runs counter the the explicit language of the policy. Clearly the insured would win in that case. Ambiguity is generally ruled in favor of the insured. The burden is on Travelers to ensure they tighten their language.
April 12, 2016 at 10:20 am
Insurance Geek says:
Well-loved. Like or Dislike:
12
2
We don’t know if this is a rewriting of the “intent” of the policy language because ISO won’t tell us the intent. In their own admission, they leave policy language interpretation to individual companies and the courts.
In this case, it’s not the intent or even interpretation of coverage that’s in question; it’s the meaning of “publication” that’s in question within the policy language.
If the personal information was “published,” then any interpretation of the unendorsed policy wording leads to the conclusion that coverage exists. Define what is meant by “published.”
Dave, I can see a lot of company appointed lawyers writing manuscript exclusions on future policies for this. We were always taught that Personal Injury included defamation, false arrest or imprisonment, malicious prosecution as the crux of Personal Injury Liability coverage on a CGL contract. That is why this ruling is a real stretch for me.
I highly suggest you read the terms, conditions and exclusions of the contract to learn what’s covered instead of relying on what you were taught who knows how many years ago. Contractual coverages & exclusions change all the time. Just look at how far ISO policies have come!
I don’t think the court rewrote the intent of the policy wording. Rather, the carrier failed to clearly express the alleged intent. This is not the first case of a poorly drafted policy form. I’ve seen many forms that appear to have been collectively written by a 7th grade remedial English class. This is a good example of why it’s often better for insurers to stick with ISO standard forms that have been written and vetted by an organization that exists largely for this sole purpose and that have in many cases already been interpreted by the courts.
This is a specific ruling, not necessarily setting a precedent and the reason for that is simple: the company requesting the defense and indemnity is in the business of maintaining their clients electronic records. None of their “product” is intended for any publication except for those involved. What did Travelers think they were covering if not electronic records? But the fact is that coverage is always read broadly. Otherwise we would not be defending asbestos or lead liability claims CGL policies that did not originally contemplate such.
The language cited in the case does not appear to be pure ISO language. This is what can happen when carriers use their own language or modify ISO language. ISO isn’t perfect, but they have a pretty good track record of well-written policy forms that generally hold up in court.
Bingo. Travelers uses a manuscript CGL policy, which is likely a cause of concern. If you read the ISO forms there is no reference to “private life” in Coverage B.
This particular Travelers’ policy provided coverage for website injury arising from the “electronic publication of material that… gives unreasonable publicity to a person’s private life” (the language found in the 2012 policy) or (2) the “electronic publication of material that… discloses information about a person’s private life.” Not typical CGL coverage. Just a claim and policy specific situation. The title of the article is misleading.
Maybe I missed this detail, but is it explicitly stated whether this was an accidental publication?
Assuming that it was an accidental publication, and not a hacking incident, then I believe the court is saying that accidental publication is still publication. The next question is, if ISO responds by clarifying that accidental publication isn’t covered, given that most carriers use proprietary data breach coverage forms, do most of them actually include accidental publication within the definition of a breach?
Courts rewriting the intent of policy wording. Where have I see this song and dance before?
Dave, this is a big stretch of the intent of the coverage. In this age of cyber attacks and vulnerability of businesses, the courts may not like the results of their ruling since companies will react and not offer coverage to insured’s they formerly had no problem with. Excess/Surplus lines here they come.
wait – i’m confused. why would companies not offer coverage when they could just adopt “ISO endorsements deleting invasion of privacy-related offenses from the definition of personal and advertising injury applicable to Coverage B and addressing access or disclosure of confidential or personal information”?
wouldn’t carriers just keep writing these risks and require the iso endorsement the article indicated was being used now to ensure carriers aren’t liable if these situations happen again??
Agent, the court’s ruling isn’t a stretch at all. The definition of personal and advertising injury is pretty clear in regards to oral or written publications as they pertain to a persons right to privacy. Unless Traveler’s had an exclusion on the policy that the court is ignoring and the article is not mentioning. I find it hard to believe Traveler’s intent was not to provide coverage in a situation like this. If they did not intend to provide coverage…wow…someone is in big trouble!
In addition, this case has nothing to do with cyber attacks or vulnerability. Although, I suppose having staff that makes this kind of mistake could be considered a vulnerability, I’ll grant. The paragraph titled Publicity Arguement states pretty clearly that Portal placed the private information online. The title of the article is a little misleading by calling this a data breach…I wouldn’t call this a breach.
Bill, the interpretation may be correct, but do you really believe it was/is the intent of insurers to cover this under a GL policy?
Dave, I don’t know. I wouldn’t have expected it to be their intent; but, they did not exclude it. Regardless, given the clarity of the unendorsed form, I don’t believe the court can rule in favor of Traveler’s based on an intent stated after a claim was filed. From what little information we have, there is no indication that Traveler’s had any intent to exclude coverage, only the conjecture of we armchair quarterbacks. Are you suggesting the contract should be ignored in favor of Traveler’s stated intent after a claim has occurred?
I see your point Bill. Insurance being contacts of adhesion means any ambiguity will be found against the party who wrote the contract, hence the insurer. It should, be obvious the intent to cover is not there. It;s why there are separate cyber liability policies available. The industry probably needs to rewrite the policy to remove the ambiguity which I’m sure will be done quickly.
Travelers’ intent runs counter the the explicit language of the policy. Clearly the insured would win in that case. Ambiguity is generally ruled in favor of the insured. The burden is on Travelers to ensure they tighten their language.
We don’t know if this is a rewriting of the “intent” of the policy language because ISO won’t tell us the intent. In their own admission, they leave policy language interpretation to individual companies and the courts.
In this case, it’s not the intent or even interpretation of coverage that’s in question; it’s the meaning of “publication” that’s in question within the policy language.
If the personal information was “published,” then any interpretation of the unendorsed policy wording leads to the conclusion that coverage exists. Define what is meant by “published.”
Dave, I can see a lot of company appointed lawyers writing manuscript exclusions on future policies for this. We were always taught that Personal Injury included defamation, false arrest or imprisonment, malicious prosecution as the crux of Personal Injury Liability coverage on a CGL contract. That is why this ruling is a real stretch for me.
I highly suggest you read the terms, conditions and exclusions of the contract to learn what’s covered instead of relying on what you were taught who knows how many years ago. Contractual coverages & exclusions change all the time. Just look at how far ISO policies have come!
I don’t think the court rewrote the intent of the policy wording. Rather, the carrier failed to clearly express the alleged intent. This is not the first case of a poorly drafted policy form. I’ve seen many forms that appear to have been collectively written by a 7th grade remedial English class. This is a good example of why it’s often better for insurers to stick with ISO standard forms that have been written and vetted by an organization that exists largely for this sole purpose and that have in many cases already been interpreted by the courts.
This is a specific ruling, not necessarily setting a precedent and the reason for that is simple: the company requesting the defense and indemnity is in the business of maintaining their clients electronic records. None of their “product” is intended for any publication except for those involved. What did Travelers think they were covering if not electronic records? But the fact is that coverage is always read broadly. Otherwise we would not be defending asbestos or lead liability claims CGL policies that did not originally contemplate such.
The language cited in the case does not appear to be pure ISO language. This is what can happen when carriers use their own language or modify ISO language. ISO isn’t perfect, but they have a pretty good track record of well-written policy forms that generally hold up in court.
Bingo. Travelers uses a manuscript CGL policy, which is likely a cause of concern. If you read the ISO forms there is no reference to “private life” in Coverage B.
It’s in the definition of Personal and Advertising Injury. It refers to a person’s right to privacy.
This particular Travelers’ policy provided coverage for website injury arising from the “electronic publication of material that… gives unreasonable publicity to a person’s private life” (the language found in the 2012 policy) or (2) the “electronic publication of material that… discloses information about a person’s private life.” Not typical CGL coverage. Just a claim and policy specific situation. The title of the article is misleading.
It feels like enhancement of the meening of publication.
It depends on what the meaning of “is” is. LOL
Maybe I missed this detail, but is it explicitly stated whether this was an accidental publication?
Assuming that it was an accidental publication, and not a hacking incident, then I believe the court is saying that accidental publication is still publication. The next question is, if ISO responds by clarifying that accidental publication isn’t covered, given that most carriers use proprietary data breach coverage forms, do most of them actually include accidental publication within the definition of a breach?