CyBIR: Cyber and Privacy Breaches – Insurance and Reinsurance Data Privacy Lawyers: Walker Wilcox & Matousek Law Firm

Hartford Denies Coverage for Song-Beverly Claims

Posted in Class Action, Coverage, Credit Card Transaction, Insurance, Privacy Legislation, Retail

The Hartford Fire Insurance Company has filed at least two suits against insureds seeking a declaration that CGL policies it issued do not provide coverage for Song-Beverly claims filed in the wake of the Pineda decision.

Hartford filed suits in Illinois federal court against Euromarket Designs, Inc. (a/k/a Crate & Barrel) and in New Jersey federal court against the Children’s Place Retail Stores Inc.  Each of the insureds had been named as defendants in various Song-Beverly class actions for intentionally requesting and recording their customers’ zip codes during credit card transactions.  The suits sought civil penalties and, in at least one case, restitution.

Hartford denied coverage for the suits on the basis that they did not allege any “bodily injury,” “property damage” or “personal and advertising injury” as required by the CGL policies and because civil penalties are not “damages” covered by the policies.  Hartford raised several other exclusions and conditions limiting coverage including a “Distribution of Material in Violation of Statutes” exclusion that precludes coverage for “personal and advertising injury” arising out of statutes that prohibit or limit “the sending, transmitting, communicating or distribution of material or information.”

Like the Zuirch case we reported on earlier, the Hartford actions illustrate the gaps in coverage insureds are discovering when seeking coverage under traditional commerical insurance policies for cyber/privacy claims.  Traditional policies, such as the CGL policies at issue in the Hartford cases, were written long before computers became a fixture for companies and before information gathering for marketing purposes became the hot commodity it is today.  As such, the drafters of those policies never envisioned that insureds would seek coverage for these types of emerging business risks.  Yet, cyber risks and privacy breaches are now a common occurrence for businesses of all types and sizes.  Insuring against these types of risks should be just as important to a company as insuring against theft, fire, shareholders suits and the like.