Recent Posts
Follow Us
twittergoogle_pluslinkedinrssyoutube
The Legal Stuff
BT Policyholder Protection Blog
0 0

17 May 2016 Does a CGL Insurance Policy Cover a Data Breach? The Fourth Circuit Says ‘Yes’

Introduction   If you have anything to do with cybersecurity, privacy, or insurance, you undoubtedly have heard that the U.S. Court of Appeals for the Fourth Circuit ruled in April that a Commercial General Liability (CGL) insurance policy provides coverage for a data breach, in the case Travelers Indemnity v. Portal Healthcare Solutions.  In the last few years, insurance companies have been marketing cyberinsurance policies as the product designed for cybersecurity and privacy risks.  So how could it be that a CGL insurance policy – which insurance company lawyers proclaim were not “meant” to cover data breaches – provides coverage for data breaches?  We discuss the well-reasoned Portal Healthcare decision, which bolsters policyholders’ rights to collect under CGL policies, below.   The first question when…

READ MORE
0 0

13 May 2016 Scott Godes Quoted in Law360, “4 Tips for Law Firms to Maximize Cyber Coverage”

Scott Godes, partner and co-chair of the firm’s Data Security and Privacy Practice Group, was recently quoted in “4 Tips for Law Firms to Maximize Cyber Coverage,” published by Law360.   The article notes that law firms handle a wide variety of confidential client data, and comments on the importance of having insurance to cover related risks.  The article gives tips about policy terms, conditions, and exclusions that, in a perfect world, law firms should think about when buying coverage.   Law360 asked Scott about using the cloud and outsourcing data storage and processing.  Scott is quoted saying, “To the extent a law firm is relying on cloud providers for storage, processing or some other service, ‘cloud’ or ‘outsourced support’ should be included in the…

READ MORE
iStock_000011901199_Large
0 0

24 Mar 2016 Will The Fourth Circuit Overturn a Decision Finding CGL Coverage For a Data Breach?

  As reported by Law360’s Jeff Sistrunk, this week, the Court of Appeals for the Fourth Circuit will hear appellate arguments as to whether a Commercial General Liability (CGL) insurance policy provides coverage for a data breach:   The Fourth Circuit will hear arguments Thursday on whether Travelers must defend a medical records company against a class claim that its failure to secure a server caused records to be accessible to unauthorized users, a case experts say will have an impact on the availability of data breach coverage under commercial general liability policies.   Policyholders should hope that the Fourth Circuit’s rate of reversal – reported to be 4.2 percent for “Other U.S. Civil” and 7.3 percent for “Other Private Civil” cases – will give…

READ MORE
0 0

16 Mar 2016 Scott Godes Quoted in Law360: Insurance Article “Data Breach Report Shows Cyberinsurance Not A Cure-All”

  Scott Godes, partner and co-chair of the firm’s Data Security and Privacy Practice Group, was recently quoted in a Law360: Insurance article, “Data Breach Report Shows Cyberinsurance Not A Cure-All.”   The article discusses how companies are managing cyber risks and turning to cyberinsurance policies to handle data breaches.  The article highlights a recent study discussing the size and scope of common data breaches and whether cyberinsurance policies would respond to such incidents.   Scott is quoted in the article saying, “There are some policies that have a retention or deductible that can be significantly lower for the costs of forensic investigation, breach letters or crisis management than the deductible for putative class actions and dealing with regulatory investigations.”   Read the full article here….

READ MORE
0 0

02 Oct 2015 Scott Godes Quoted in Law360 Article, “A Cyberattack Survival Guide for Policyholders”

Scott Godes, partner and co-chair of the firm’s Data Security and Privacy Practice Group, was recently quoted in Law360’s article, “A Cyberattack Survival Guide for Policyholders.” The article examines cybersecurity concerns companies face after massive data breaches and highlights issues such as card issuer liability, customer liability, and D&O litigation.   Scott is quoted multiple times within the article.  He notes that there is not a magic solution to preventing data breaches and cyberattacks, noting that many “large enterprises that were hit with data breaches” had been “certified as compliant with payment card security rules by a third party.” Scott then gives advice for buying and evaluating cyberinsurance policies and insurance towers for those risks.   Read the full article here. Scott GodesScott N. Godes…

READ MORE
0 0

20 Aug 2015 What Insurance Should Cover Target’s Visa Settlement?

Two years later, and the Target data breach continues to make headlines.   Does anyone need to be reminded that Target suffered a data breach in 2013? Seeing that the breach continues to be litigated and settlements continue to be announced with payment card brands, it is difficult to forget the incident.   Most recently, Target announced that it had reached a settlement with Visa.[1] According to reports, Target could “pay as much as $67 million to banks that issue Visa cards.”[2] Target’s earlier $19 million settlement with MasterCard[3] ended up being scuttled; Target and MasterCard reportedly are working on another resolution.[4]   What is Target settling?   Target’s settlement with Visa likely is to resolve the alleged damages resulting from Target’s payment card breach….

READ MORE
0 0

20 Apr 2015 Will Cyberinsurance Cover Target’s $19 Million MasterCard Settlement?

Another credit card in the mail? If you’re reading this post, you’ve probably received a new credit or debit card in the mail, attached by rubber cement to a cover letter explaining that your card number could have been compromised – so you ended up with replacement cards. You might even have received new cards more than once over the past five years. Perhaps you even received a new card with an explanation that after the data breach at Target Corporation, your “issuing bank” – the bank that issued you the credit or debit card – decided to send you a new card. And maybe you signed your card, called to activate it, replaced your old card, and didn’t give a second thought to it….

READ MORE
0 0

25 Mar 2015 Scott Godes Quoted in Cyber Risk Network’s article, “10 million settlement with consumers a ‘good deal’ for Target, insurers”

Scott Godes, partner and member of the firm’s Policyholder Insurance Recovery Group, was recently quoted in Cyber Risk Network’s article, “10 million settlement with consumers a ‘good deal’ for Target, insurers.”   In a recent class-action lawsuit, Target Corp and consumers have agreed to a $10 million settlement after a data breach during 2013.  Consumers now will have to demonstrate harm by documenting direct losses from the breach, such as cost to replace identification.   Among other things, Scott is quoted saying, “The settlement should do nothing to consumers’ ability to prove harm and/or damages. The case never made it to a stage where there was showing of actual harm. At this point, there were only allegations of harm. The fact the case settled should…

READ MORE
0 1

09 Dec 2014 The Other Cyber Shoe Has Dropped – What Does that Mean for Your Insurance Program?

Just when you thought that it could not get worse for companies in the context of cybersecurity and privacy issues…it does. The end of 2014 has been brutal. Perhaps most significant, a court allowed banks to proceed against a retailer to pursue damages allegedly flowing from a cyberattack and data privacy incident involving payment card numbers. That same retailer disclosed hundreds of millions of dollars in losses as a result of the cyberattack a data privacy incident. Another retailer fell victim to a cyberattack and data privacy incident involving payment card numbers. Major entertainment businesses suffered cyberattacks, with one allegedly involving information about celebrities, corporate IP, and user names and passwords for social media accounts of the company. Distributed denial of service attacks (DDoS) are…

READ MORE
0 0

28 Aug 2014 If Your System Was Attacked by “Backoff” Malware, Would Your Insurance Cover A Data Breach Involving Credit Card Numbers?

  The US Federal Government recently issued an alert regarding Backoff Point-of-Sale Malware. The advisory, which was released by the DHS (Department of Homeland Security) and US-CERT (United Stated Computer Emergency Readiness Team), states the following:       This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense against the PoS malware dubbed “Backoff” which has been discovered exploiting businesses’ administrator accounts remotely and exfiltrating consumer payment data.     US-CERT, Alert (TA14-212A), Backoff Point-of-Sale Malware, Department of Homeland Security…

READ MORE