Category Archives: Privacy Rights

Sony Data Breach Coverage Litigation Settles

This entry was posted by Joshua Mooney on April 30, 2015.

As reported in news outlets, including Law360, Sony and its insurers have settled their data breach coverage litigation, two months after the New York appellate division heard oral argument.

Sony had sought coverage for numerous data breach class action lawsuits filed against it following the 2011 data breach into its PlayStation network. Its general liability policies provided personal and advertising injury coverage for oral or written publication, in any manner, of material that violates a person’s right to privacy. The trial court held that the insurers had no duty to defend because coverage applied only for violations of privacy committed by Sony, as the policyholder, and not by third parties who hacked into Sony’s network and stole personally identifiable information (“PII”). Read More

This entry was posted in Data Breach Insurance Coverage, Privacy Rights and tagged Cyber, Data Beach.

Two Recent TCPA Cases: A Look at How They Can Affect Privacy Litigation

This entry was posted by Joshua Mooney on April 7, 2015.

Last week saw two separate Telephone Consumer Protection Act (“TCPA”) decisions in which federal district courts, one for the Eastern District of Pennsylvania, the other for the Northern District of Illinois, held no coverage existed for underlying TCPA litigation. The decisions’ results were not surprising, as TCPA coverage claims have been wilting like Wisconsin’s lead over Duke in last night’s final. What is interesting in the cases, Auto-Owners Ins. Co. v. Stevens & Ricci, Inc., No. 12-7228, 2015 WL 1456085 (E.D. Pa. Mar. 31, 2015) and Addison Automatics, Inc. v. Hartford Cas. Ins. Co., No. 13-1922, slip op. (N.D. Ill. Mar. 31, 2015), is that the courts reached their decisions on different bases. The reasoning behind each basis can apply to other privacy litigation.

In Stevens & Ricci, the insured was sued in a class action for faxing over 18,000 unsolicited fax advertisements in violation of the TCPA, 47 U.S.C. § 227. The underlying litigation alleged, among other claims, that the unsolicited faxes violated the privacy rights of class members who received them. Id. at *1. The insured’s policy defined “personal injury” and “advertising injury” in part as “oral or written publication of material that violates a person’s right of privacy.” Id. at *2-3. Read More

This entry was posted in Privacy Rights and tagged TCPA.

Dude, Where’s My Car?

This entry was posted by Joshua Mooney on February 9, 2015.

Here is a story almost as startling as the movie Dude, Where’s My Car? is bad. According to news reports, millions of cars and trucks are vulnerable to hacking through wireless technologies that could jeopardize driver safety and privacy. A congressional report, overseen by Sen. Ed Markey, D-Massachusetts, concludes that vehicles are vulnerable to hacking through wireless networks, smart phones, and “infotainment” systems like OnStar.

Sen. Markey cited studies showing that hackers can access controls of some vehicles, causing them to accelerate, turn, brake, sound the horn, control the headlights, and/or modify speedometer and gas gauge readings. Also of note are additional concerns regarding information in navigation systems, which can record and send location or driving history information. According to Sen. Markey, security measures used by automakers, such as identification codes and radio frequencies, can be identified and rewritten or bypassed. Read More

This entry was posted in Privacy Rights and tagged Cyber, Hacking.

Medical Records, The Internet, and A “Publication”

This entry was posted by Joshua Mooney on August 14, 2014.

Last week, the federal District Court in Virginia issued a quasi security/data breach coverage case where the court concluded that making private medical records accessible online constituted a publication even though there was no evidence that a third party had accessed them. Travelers Indem. Co. of Am. v. Portal Healthcare Solutions, LLC, No. 13-917, 2014 WL 3887797 (E.D. Va. Aug. 7, 2014). The mere fact that the records were accessible satisfied the plain and ordinary meaning of the term “publication” to implicate the duty to defend. What makes this decision noteworthy is how the Court distinguished the case before it from other decisions limiting the meaning of the term “publication.” Given that many healthcare providers are introducing “online” services for medical records, brokers and underwriters also may want to take note of this decision.

Portal Healthcare Solution (“Portal”) was a business specializing in the electronic safekeeping of medical records for hospitals, clinics, and other medical providers. Id. at *1. A New York putative class action was filed against it, alleging that Portal had failed to safeguard confidential medical records of patients at Glen Falls Hospital (“Glen Falls”), posting those records on the internet and causing them to become publicly accessible on the internet. Id. Two patients of Glen Falls discovered the breach when they ran a Google search of their names, and found links that directed them to their Glen Falls medical records. Id. at *2. (Honestly, how many of you are now going to Google your name? I did.) Read More

This entry was posted in Data Breach Insurance Coverage, Privacy Rights, Uncategorized and tagged Meaning of Publication.

Are “Right of Privacy” and “Person” Ambiguous? New York Weighs In

This entry was posted by Joshua Mooney on August 8, 2014.

Last week, I vacationed in beautiful Cooperstown, NY, where I watched baseball in stadiums built to resemble early 20^th century ballparks, visited the Baseball Hall of Fame, and enjoyed scenic views of the green Catskill Mountains. Oh, and there’s the Ommegang brewery, too. During that week, I was totally free of daily faxes promoting low-budget roof repairs, instant credit for business loans, and vacation hideaways in Cancun. So, what a return to reality it was to see Tower National Ins. Co. v. National Business Capital, Inc., No. 155786/2012, 2014 WL 3728500 (N.Y. Supr. Ct. July 28, 2014), a case addressing the meaning of “right of privacy” in the context of blast faxes. Thanks (or maybe not) to Roberta Anderson at K&L Gates for bringing this case to my attention as I returned back to the 21^stcentury.

The underlying lawsuit was a putative class action seeking damages for National Business Capital’s (“NBC”) alleged blast faxing in violation of the TCPA and Connecticut’s version of the statute. NBC sought coverage under its CGL policy for “personal and advertising injury” under “[o]ral or written publication, in any nature, of material that violates a person’s right of privacy.” Id. at *1-2. The issue was one of first impression in New York. (NBC also contended that the underlying action alleged “property damage,” but the court held that the complaint did not allege an “occurrence” to implicate coverage under Coverage A. Id. at *4.) Read More

This entry was posted in Privacy Rights, Uncategorized.

Coverage B: A Person Is Not a Company

This entry was posted by Joshua Mooney on April 25, 2014.

Here’s an interesting question: does “oral or written publication of material that violates a person’s right of privacy” include privacy rights of a corporation? (And, yes, some courts believe that business have rights of privacy, including the right of seclusion. E.g., Park Univ. Enters., Inc. v. Am. Cas. Co. of Reading, Pa., 442 F.3d 1239, 1247 (10^th Cir. 2006); Owners Ins. Co. v. European Auto Works, Inc., 2011 WL 3847469, at *3 (D. Minn. Aug. 30, 2011).)

This is not a mere “if a tree falls in the woods…” type of question, for the answer can have a significant impact on litigation as rights of privacy claims become more boilerplate, whether in the context of cyber liability, claims of unlawful collection of PII, or media/mass marketing lawsuits. This week, in Sportsfield Specialties, Inc. v. Twin City Fire Ins. Co., — N.Y.S.2d –, 2014 WL 1491514 (N.Y.A.D., 3d Dep’t Apr. 17, 2014), the New York Appellate Division addressed the issue as a matter of first impression, holding that “oral or written publication of material that violates a person’s right of privacy” in a general liability policy does not include a corporation’s right of privacy. The court reasoned its decision on the wording of the definition for “personal and advertising injury.” Read More

This entry was posted in Privacy Rights and tagged New York Appellate Division, privacy rights.

The Coverage Inkwell

Emerging Coverage Issues in Intellectual Property, Privacy, and Cyber Liability