Recent examples of data breaches resulting in invasion of privacy lawsuits abound. Target and other retailers, financial services companies and other businesses have had their internal data systems breached and consumers’ private financial information stolen. There are insurance policies designed for such risks, but they are a relatively recent development. Yet, according to a recent article in the Boston Globe, only one-third of American businesses have purchased these new data breach policies. So what do the other two-thirds of the business community do when confronted with a data breach lawsuit?

In mediating both data breach disputes and insurance coverage cases arising out of similar claims, I have had to review and consider whether any insurance coverage applies to protect a business under these new circumstances. The most common policies held by businesses include comprehensive general liability (CGL) policies, directors and officers liability (D&O) policies and crime coverage, often included in fidelity policies.