Monthly Archives: May 2015

In IBM Data Breach Case, There Can Be No Publication Without Access


This entry was posted by on .

In Recall Total Info. Management, Inc. v. Federal Ins. Co., No. SC 19291, the Connecticut Supreme Court upheld the appellate court’s decision that a data breach suffered by IBM was not covered under general liability policies’ “personal and advertising injury” coverage.

In that case, Recall Total had contracted with IBM to transport off-site and store computer tapes containing the encrypted personal information of current and former IBM employees.  Recall then subcontracted the transportation services to Ex Log.  Ex Log lost the computer tapes when they fell from Ex Log’s truck onto the roadside and were retrieved by an unknown individual.  Importantly, there was no evidence that anyone ever accessed the information on the tapes or that their loss caused injury to any IBM employee.  Nevertheless, IBM spent significant sums of money providing identity theft services and complying with state notification requirements.  IBM sought to recoup its losses from Recall Total and Ex Log. Read More

This entry was posted in Data Breach Insurance Coverage, Privacy Rights.

Even in the Cyber World, Intentional Misconduct Is Not Negligence


This entry was posted by on .

Yesterday, Travelers Prop. Cas. Co. of Amer. v. Federal Recovery Services, Inc., No. 14-170 (D. Utah) determined that no coverage existed under a Technology Errors and Omissions Liability Form found in a cyber insurance policy after the insured data processer had failed to return valuable personal identification information it held on behalf of the information’s owner.  This case is going to get a lot of attention simply because it is the first published decision involving a cyber insurance policy form.  What it shows is that, even in the cyber world, intentional misconduct is not negligence.

The facts of the case are straightforward.  The underlying plaintiff, Global Fitness, owned and operated fitness centers in several states.  As part of its operations, Global Fitness had numerous members who would provide credit card or bank account information through which Global Fitness could bill them (“Member Accounts Data.”).  (Slip. op. at 3.)  Defendants were engaged in the business of providing processing, storage, transmission, and other handling of electronic data for customers.  (Id. at 1.)  Global Fitness entered into a contract with Defendants to process the Member Accounts and transfer the members’ fees to Global Fitness.  (Id. at 3.) Read More

This entry was posted in Uncategorized.