Data Breach Suit Covered Under CGL Policy

Margaret Loveman
Butler Snow LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Earlier this month in an unpublished opinion, the Fourth Circuit Court of Appeals found that Travelers Indemnity Company of America (“Travelers”) had a duty to defend its insured against a data breach suit under the terms of its Commercial General Liability (“CGL”) policy.

The underlying data breach class-action suit alleged that the insured, Portal Healthcare Solutions, LLC (“Portal”), engaged in negligent conduct that resulted in the plaintiffs’ private medical records being publicly available on the internet. Portal was insured by two Travelers’ CGL policies during the time of the alleged misconduct by Portal. Travelers sued Portal in the Eastern District of Virginia, seeking a declaration that it was not obliged to defend Portal against the claims in the class-action complaint.  As grounds, Travelers argued that the class-action complaint failed to allege a “personal injury” as defined by the CGL policies.   Travelers and Portal each moved for summary judgment on the duty-to-defend issue.

Under the policy language, whether a personal injury had been alleged hinged on 1) whether there was “an electronic ‘publication’ of material”; and 2) whether any “published material gave ‘unreasonable publicity’ to, or ‘disclosed’ information about, a person’s private life.”  The district court first determined that an electronic publication had been alleged: “Exposing medical records to the online searching of a patient’s name, followed by a click on the first result, as least ‘potentially or arguably’ places those records before the public.” The district court then determined that the allegation that patients’ medical records were searchable on the internet gave “unreasonable publicity to a person’s private life.”  As a result, the district court held that “personal injury” had been alleged and Travelers had a duty to defend Portal.   The Fourth Circuit “commending the district court for its sound legal analysis” affirmed the judgment on the reasoning of the district court.

The Travelers opinion is yet additional evidence, that whether data breaches are covered by a company’s CGL policy, is far from unsettled.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Butler Snow LLP | Attorney Advertising

Written by:

Butler Snow LLP
Butler Snow LLP
Contact
more
less

Butler Snow LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide