David A. Thomas and Linda Kornfeld
Like a number of states, California prohibits insurers from indemnifying policyholders for liability based on intentional conduct that was committed with the intent to cause harm, although it does not bar a defense against such claims. California’s public policy is codified in Insurance Code Section 533, which provides: “An insurer is not liable for a loss caused by the wilful act of the insured; but he is not exonerated by the negligence of the insured, or of the insured’s agents or others.”
A significant body of law has elucidated the rules for application of Section 533. Reckless or grossly negligent conduct generally does not trigger application of the statute. Nor, with very limited exceptions, does the mere fact that a policyholder intended the act that caused the harm bring the conduct within Section 533. Instead, the policyholder must have intentionally performed a liability-producing act for the express purpose of causing harm or with knowledge that harm was highly probable or substantially certain to result. Fraud and malicious prosecution are common examples. Section 533, however, does not bar coverage for intentionally harmful acts based solely on vicarious liability. Continue reading “California Corner: California’s Bar on Coverage for Willful Acts under Insurance Code Section 533—Don’t Assume It Applies”
James S. Carter
Businesses are increasingly purchasing dedicated cyber insurance policies to address their cyber and data security exposures. To date, however, many of the judicial decisions addressing insurance for cyber exposures have done so under other, more traditional, types of insurance policies such as commercial general liability (“CGL”) and commercial property policies. Some of these rulings have disappointed policyholders by concluding that such non-cyber insurance policies do not cover cyber exposures. But a recent decision by the United States Court of Appeals for the Fifth Circuit demonstrates that certain non-cyber policies potentially afford coverage for cyber exposures. In Spec’s Family Partners, Ltd. v Hanover Insurance Co., No. 17-20263, 2018 U.S. App. LEXIS 17246 (5th Cir. June 25, 2018), the court of appeals found that a contractual liability exclusion in a management liability policy did not excuse the insurer of its duty to defend its policyholder, a private company, against a claim arising out of a payment card data breach. Continue reading “Seeking Insurance Coverage for Data Breach Claims? A Recent Case Confirms that Certain D&O Policies Potentially Provide Coverage”
Amy J. Spencer
“Phishing” is a scheme in which criminals use spoofed e-mails, copycat websites, or other deceptive communications to trick unwitting companies or individuals into sharing valuable personal information or into wiring money to sham bank accounts. As these schemes become unfortunately more common and sophisticated, companies are increasingly turning to their insurance policies to cover their monetary losses. However, many businesses that have purchased crime insurance to cover this type of “computer fraud” may not realize that e-mail-based thefts are not always covered. Businesses may reasonably assume that coverage exists under a crime insurance policy covering computer fraud because the loss is computer related, but insurance companies will likely insist on proof of a direct causal relationship between the computer fraud and the loss of funds before providing coverage.
The American Tooling case is the most recent pronouncement from the courts on “computer fraud” coverage. On July 13, the United States Court of Appeals for the Sixth Circuit ruled in favor of the policyholder and reversed the Michigan district court’s grant of summary judgment to Travelers Casualty and Surety Company of America. Am. Tooling Ctr., Inc. v. Travelers Cas. & Sur. Co. of Am., No. 17-2014, 2018 WL 3404708, — F.3d. — (6th Cir. July 13, 2018). Continue reading “American Tooling and Medidata: The Latest Rulings on Coverage for Phishing Scams”
An issue frequently raised in coverage disputes involving claims-made liability insurance policies is determining whether certain pre-lawsuit events or disputes constitute a “claim” sufficient to trigger coverage.
Unlike occurrence-based liability policies that respond in the policy year or years during which the coverage-triggering event occurred (e.g., the years in which a person sustained injury in an asbestos bodily injury claim), a claims-made liability insurance policy is triggered upon the insured’s receipt of a claim. Upon an insured providing notice of a claim, its insurers may dispute whether the notice-triggering event constitutes a “claim” at all. Continue reading “Federal Court Says Subpoena Is a “Claim” Triggering Insurance Coverage”
Jennifer J. Daniels and Linda Kornfeld
On June 28, 2018, California passed a historic privacy bill (AB 375) that mirrors some of the privacy obligations that recently came into effect in Europe under the General Data Protection Regulation (“GDPR”). The new California Consumer Privacy Act of 2018 (the “Act”) will go into effect on January 1, 2020. The new law requires greater transparency in information practices and gives individuals powerful new rights with respect to their personal information. Complying will be a challenge for many American businesses, in particular those that have not had to grapple with GDPR. Continue reading “California Corner: California Passes Historic Privacy Law: What to Consider Now to Reduce Future Financial Exposure”
The General Data Protection Regulation (“GDPR”) goes effective tomorrow. Companies are considering the consequences and attempting to determine whether they are compliant or how to get there, whatever “compliant” ultimately will be determined to mean as time progresses under GDPR. In considering the consequences of failure to comply, companies are, or should, also be thinking about whether they can transfer risk, including to insurance, and whether their current insurance policies will do the trick. Many companies now have cyber insurance, but cannot presume that their current cyber policy will protect against GDPR exposures. So, as we welcome in GDPR, the internal corporate conversation should include discussion of whether existing cyber policies are enough, or what needs to be done to fortify insurance protection against unknown future GDPR financial exposures.
Things to consider now: Continue reading “GDPR Is Finally Here: It’s Time to Make Sure Your Current Cyber Policy Will Protect against New Financial Exposures”
James S. Carter and Justin A. Chiarodo
Representations and Warranties (“R&W”) insurance has burst into the market in the last five years and now plays a key role in mergers and acquisitions (“M&A”) involving government contractors. Both private equity and strategic buyers use R&W insurance to improve their competitive position, and sellers benefit by avoiding escrows and holdbacks. In short, it can help get deals done. R&W insurance continues to evolve, and government contracts deals present unique challenges.
Below we discuss the basic aspects of this important insurance product and provide 10 tips for potential R&W policyholders to consider when evaluating policies. Continue reading “Helping Get Deals Done: 10 Tips to Assess Rep and Warranty Insurance Language in Government Services M&A Transactions”