Data breach claims are often referred to as the new EPL claims: high volume, high intensity, low impact on most insurers’ bottom line. But a more apt analogy is product recall litigation.
Product recall and data breach claims have a lot in common:
- they involve a problem with a major “brand,” whether cars, food or confidential data;
- the problem is often discovered internally before it is known by the public;
- lawyers and third parties investigate immediately, leading to privilege issues later on;
- governmental agencies require prompt notification and can levy fines and penalties;
- state and federal laws apply;
- the company’s reputation takes a hit;
- class action litigation is nearly inevitable; and
- someone usually loses his job.
Product recall cases differ from data breaches because they may involve criminal prosecution and/or bodily injury claims, although IOT can implicate bodily injury.
But product recall litigation is ahead of privacy cases when it comes to privilege attaching to pre-suit investigation by lawyers and third parties. For an interesting opinion on privilege and work product in the pre-suit stage, take a look at this opinion in the GM ignition switch recall litigation. GM Ignition Switch Litigation (01303157xAE57E)