ISO's Newly-Filed Data Breach Exclusions Provide Yet Another Reason To Consider "Cyber" Insurance
|
|
- Garry Byrd
- 8 years ago
- Views:
Transcription
1 September 26, 2013 The text of this article was first published by Law360 on September 23, ISO's Newly-Filed Data Breach Exclusions Provide Yet Another Reason To Consider "Cyber" Insurance By Roberta D. Anderson Here a breach, there a breach, everywhere a data breach. Verizon s most recent 2013 Data Breach Investigations Report remarks that [p]erhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage this year. 1 And no organization is immune from a breach. The last two years have seen some of the world s most sophisticated corporate giants fall victim to some of the largest data breaches in history. It is clear that cyber attacks -- including data breaches -- are on the rise with unprecedented frequency, sophistication and scale. They are pervasive across industries and geographical boundaries. And they represent an everincreasing threat. 2 The problem of cyber risks is exacerbated, not only by increasingly sophisticated cyber criminals and evolving malware, but also by the trend in outsourcing of data handling, processing and/or storage to third-party vendors, including cloud providers, and by the simple reality of the modern business world, which is full of portable devices such as cell phones, laptops, ipads, USB drives, jump drives, media cards, tablets and other devices that may facilitate the loss of sensitive information. While data breaches and other types of cyber risks are increasing, laws and regulations governing data security and privacy are proliferating. In its most recent 2013 Cost of Data Breach Study, the Ponemon Institute reports that U.S. organizations spend on average $565,020 on post-breach notification alone. 3 Companies may also face lawsuits seeking damages for invasion of privacy, as well as governmental and regulatory investigations, fines and penalties, damage to brand and reputation, and other negative repercussions from a data breach, including those resulting from breaches of Payment Card Industry Data Security Standards. The Ponemon Institute s recent study reports that the average organizational cost of a data breach in 2012 was $188 per record for U.S. organizations ($277 in the case of malicious attacks) and the average number of breached records was 28,765, for a total of $5,407, The study does not include organizations that had data breaches in excess of 100,000 records, 5 although large-scale breaches clearly are on the rise. In the face of these daunting facts and figures, it is abundantly clear that network security alone cannot entirely address the issue; no firewall is unbreachable, no security system impenetrable. Insurance can play a vital role in a company s efforts to mitigate cyber risk. This fact has the attention of the Securities and Exchange Commission. In the wake of more frequent and severe cyber incidents, the SEC s Division of Corporation Finance has issued guidance on cybersecurity disclosures under the federal securities laws. The guidance advises that companies should review, on 1 Verizon, 2013 Data Breach Investigations Report, at 1 (2013). 2 PwC State of Cybercrime Survey, at 1 (June 2013) Cost of Data Breach Study: Global Analysis, Ponemon Institute LLC, at 16 (May 2013). 4 Id. at Id. at 1.
2 an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents and that appropriate disclosures may include a [d]escription of relevant insurance coverage. 6 While some companies carry specialty cyber insurance policies that are specifically designed to afford coverage for cyber risk, most companies have various forms of traditional insurance policies that may cover cyber risks, including Insurance Services Office, Inc. (ISO) 7 standard-form commercial general liability (CGL) policies. There may be significant coverage under CGL policies, including for data breaches that result in disclosure of personally identifiable information (commonly termed PII ) and other claims alleging violation of a right to privacy. For example, there is significant potential coverage under the Personal And Advertising Injury Liability coverage section (Coverage B) of the standard-form ISO CGL policy, which currently states that the insurer will pay those sums that the insured becomes legally obligated to pay as damages because of personal and advertising injury. 8 Personal and advertising injury is defined to include a list of specifically enumerated offenses, which include the offense of [o]ral or written publication, in any manner, of material that violates a person s right of privacy. 9 Coverage disputes generally focus on whether there has been a publication that violates the claimant s right of privacy both terms are left undefined in standard-form ISO policies and courts generally have construed the language favorably to insureds and have found coverage for a wide variety of claims alleging misuse of customer information and breach of privacy laws and regulations. 10 There may also be coverage under the Bodily Injury And Property Damage section of the standard CGL form (Coverage A), which states that the insurer will pay those sums that the insured becomes legally obligated to pay as damages because of bodily injury that occurs during the policy period. 11 As courts have found coverage for various types of cyber risks, however, ISO has added limitations and exclusions purporting to cut off CGL lines of coverage. For example, in response to a number of cases upholding coverage for breach of the Telephone Consumer Protection Act, the Fair Credit Reporting Act and other privacy laws, the current ISO standard form contains the following exclusion, which is applicable to both Coverage A and Coverage B: 6 SEC Division of Corporation Finance, CF Disclosure Guidance: Topic No. 2, Cybersecurity (Oct. 13, 2011). 7 ISO is an insurance industry organization whose role is to develop standard insurance policy forms and to have those forms approved by state insurance commissioners. 8 ISO Form CG (2012), Section I, Coverage B, 1.a. 9 Id. 14.e. 10 See, e.g., Park Univ. Enters., Inc. v. American Cas. Co. Of Reading, PA, 442 F.3d 1239, 1251 (10th Cir. 2006) (Kansas law) (upholding coverage for alleged violations of the TCPA and rejecting the insurer s attempt to ascribe narrow meaning to the undefined terms privacy and publication ); Zurich American Ins. Co. v. Fieldstone Mortgage Co., 2007 WL , at *5 (D.Md. Oct. 26, 2007) (Maryland law) (upholding coverage for FCRA claims and noting that [o]f the circuits to examine publication in the context of an advertising injury provision, the majority have found that the publication need not be to a third party ); Pietras v. Sentry Ins. Co., 2007 WL , at *2-3 (N.D.Ill. Mar. 6, 2007) (upholding coverage for alleged violations of the FCRA, noting that publication in a policy providing coverage for advertising injury includes communication to as few as one person, thereby resulting in coverage for violations of a statute invoking privacy interests, such as the FPCA ) (following Valley Forge Ins. Co. v. Swiderski Elec., Inc., 860 N.E.2d 307 (Ill. 2006)); Columbia Cas. Co. v. HIAR Holding, L.L.C., --- S.W.3d ----, 2013 WL , at *9 (Mo. Aug. 13, 2013) (upholding coverage alleging violations of the TCPA, concluding that a reasonable interpretation of [the] policy can include that coverage is available for the privacy rights claims of the class ); Penzer v. Transportation Ins. Co., 29 So.3d 1000, 1008 (Fla. 2010) (holding that an advertising injury provision in a commercial liability policy that provides coverage for an oral or written publication of material that violates a person s right of privacy provides coverage for blast-faxing in violation of the TCPA ). See also Netscape Commc nscorp. v. Federal Ins. Co., 343 Fed.Appx. 271 (9th Cir. 2009), aff g 2007 WL (N.D. Cal. Apr. 27, 2007) (upholding coverage for claims alleging that the insured s SmartDownload software violated the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act by, among other things, collecting, storing, and disclosing claimants Internet usage, which was used to create opportunities for targeted advertising ). 11 ISO Form CG (2012), Section I, Coverage A, 1.a., 1.b.(2). 2
3 This insurance does not apply to: p. Recording And Distribution Of Material Or Information In Violation Of Law Personal and advertising injury arising directly or indirectly out of any action or omission that violates or is alleged to violate: (1) The Telephone Consumer Protection Act (TCPA), including any amendment of or addition to such law; (2) The CAN-SPAM Act of 2003, including any amendment of or addition to such law; (3) The Fair Credit Reporting Act (FCRA), and any amendment of or addition to such law, including the Fair and Accurate Credit Transactions Act (FACTA); or (4) Any federal, state or local statute, ordinance or regulation, other than the TCPA, CAN-SPAM Act of 2003 or FCRA and their amendments and additions, that addresses, prohibits, or limits the printing, dissemination, disposal, collecting, recording, sending, transmitting, communicating or distribution of material or information. 12 Insurers have raised this exclusion, among others, in recent privacy breach cases. 13 More sweepingly, as part of its April 2013 revisions to the CGL policy forms, ISO introduced a new endorsement, entitled Amendment Of Personal And Advertising Injury Definition, which entirely eliminates the key offense of [o]ral or written publication, in any manner, of material that violates a person s right of privacy (found at Paragraph 14.e of the Definitions section of Coverage B): With respect to Coverage B Personal And Advertising Injury Liability, Paragraph 14.e. of the Definitions section does not apply. 14 And the latest: ISO has just filed a number of data breach exclusionary endorsements for use with its standard-form primary, excess and umbrella CGL policies. These are to become effective in May By way of example, one of the endorsements, entitled Exclusion - Access Or Disclosure Of Confidential Or Personal Information And Data-Related Liability - Limited Bodily Injury Exception Not Included, adds the following exclusion to Coverage A: This insurance does not apply to: p. Access Or Disclosure Of Confidential Or Personal Information And Data-related Liability Damages arising out of: (1) Any access to or disclosure of any person's or organization's confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information; or 12 ISO Form CG (2012), Section I, Coverage B, 2.p. 13 See, e.g., Nationwide Mut.Fire Ins. Co. v. First Citizens Bank and Trust Co. Inc., et al., No. 4:13cv598 (D.S.C.), Complaint 23, 55 (filed Mar. 6, 2013); Hartford Fire Ins. Co. v. Euromarket Designs, Inc., No. 1:11-cv (N.D. Ill.), Complaint 9, 35 (filed May 5, 2011). 14 CG (2012). 3
4 (2) The loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data. This exclusion applies even if damages are claimed for notification costs, credit monitoring expenses, forensic expenses, public relations expenses or any other loss, cost or expense incurred by you or others arising out of that which is described in Paragraph (1) or (2) above. 15 The endorsement also adds the following exclusion to Coverage B: This insurance does not apply to: Access Or Disclosure Of Confidential Or Personal Information Personal and advertising injury arising out of any access to or disclosure of any person s or organization's confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of non public information. This exclusion applies even if damages are claimed for notification costs, credit monitoring expenses, forensic expenses, public relations expenses or any other loss, cost or expense incurred by you or others arising out of any access to or disclosure of any person's or organization's confidential or personal information. 16 ISO states that when this endorsement is attached, it will result in a reduction of coverage due to the deletion of an exception with respect to damages because of bodily injury arising out of loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data and that [t]o the extent that any access or disclosure of confidential or personal information results in an oral or written publication that violates a person's right of privacy, this revision may be considered a reduction in personal and advertising injury coverage. 17 While acknowledging that coverage for data breaches is currently available under its standard forms, ISO explains that [a]t the time the ISO CGL and [umbrella] policies were developed, certain hacking activities or data breaches were not prevalent and, therefore, coverages related to the access to or disclosure of personal or confidential information and associated with such events were not necessarily contemplated under the policy. 18 The scope of this exclusion ultimately will be determined by judicial review. Although it may take some time for the new (or similar) exclusions to make their way into general liability policies, and the full reach of the exclusions remains unclear, they provide another reason for companies to carefully consider specialty cyber insurance products. Even where insurance policies do not contain the newer limitations or exclusions, insurers may argue that cyber risks are not covered under traditional policies. The brewing legal dispute between Sony and its insurers concerning the PlayStation Network data breach highlights the challenges that companies can face in getting insurance companies to cover losses arising from cyber risks under CGL policies. In its recent motion for partial summary judgment, Sony argues that there is data breach coverage because [t]he MDL Amended Complaint alleges that plaintiffs suffered the loss of privacy as the result of the improper disclosure of their Personal Information [which] has been held to constitute material that 15 CG (2013). Electronic data is defined as information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMS, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment. Id. 16 Id. 17 ISO Commercial Lines Forms Filing CL DBFR, at p Id. at p. 3. 4
5 violates a person s right of privacy. 19 However, the insurers seek a declaration that there is no coverage under the CGL policies at issue, among other reasons, on the basis that the underlying lawsuits do not assert claims for personal and advertising injury. 20 The Sony coverage suit does not represent the first time that insurers have refused to voluntarily pay claims resulting from a network security breach or other cyber-related liability under CGL policies. Nor will it be the last. Even where there is a good claim for coverage, insurers can be expected to continue to argue that cyber risks are not covered under CGL or other traditional policies. As far as data breaches are concerned, cyber policies usually provide some form of privacy coverage. This coverage would typically provide defense and indemnity coverage for claims arising out of a data breach that actually or potentially compromises PII. By way of example, the AIG Specialty Risk Protector specimen policy 21 states that the insurer will pay all Loss that the Insured is legally obligated to pay resulting from a Claim alleging a Privacy Event. Privacy Event 22 includes: (1) any failure to protect Confidential Information (whether by phishing, other social engineering technique or otherwise) including, without limitation, that which results in an identity theft or other wrongful emulation of the identity of an individual or corporation; (2) failure to disclose an event referenced in Sub-paragraph (1) above in violation of any Security Breach Notice Law; or (3) violation of any federal, state, foreign or local privacy statute alleged in connection with a Claim for compensatory damages, judgments, settlements, prejudgment and post-judgment interest from Sub-paragraphs (1) or (2) above. 23 Confidential Information is defined as follows: Confidential Information means any of the following in a Company s or Information Holder s care, custody and control or for which a Company or Information Holder is legally responsible: (1) information from which an individual may be uniquely and reliably identified or contacted, including, without limitation, an individual s name, address, telephone number, social security number, account relationships, account numbers, account balances, account histories and passwords; (2) information concerning an individual that would be considered nonpublic personal information within the meaning of Title V of the Gramm-Leach Bliley Act of 1999 (Public Law , 113 Stat. 1338) (as amended) and its implementing regulations; 19 Memorandum of Law in Support of the Motion of Sony Corporation of America and Sony Computer Entertainment America LLC for Partial Summary Judgment Declaring That Zurich and Mitshui Have a Duty to Defend, at p. 14, filed May 10, 2013 in Zurich Am. Ins.Co., et al. vs. Sony Corp. of Am., et al., No /2011 (N.Y. Sup. Ct. New York Cty.). 20 Complaint at See AIG Specialty Risk Protector Specimen Policy Form (11/09), Security and Privacy Coverage Section. 22 Id. Section Id. Section 2.(d). Security Breach Notice Law includes any statute or regulation that requires an entity storing Confidential Information on its Computer System, or any entity that has provided Confidential Information to an Information Holder, to provide notice of any actual or potential unauthorized access by others to Confidential Information stored on such Computer System, including but not limited to, the statute known as California SB 1386 ( , et. al. of the California Civil Code). Id. Section 2.(m). 5
6 (3) information concerning an individual that would be considered protected health information within Health Insurance Portability and Accountability Act of 1996 (as amended) and its implementing regulations; (4) information used for authenticating customers for normal business transactions; (5) any third party s trade secrets, data, designs, interpretations, forecasts, formulas, methods, practices, processes, records, reports or other item of information that is not available to the general public[.] There are numerous specialty cyber products on the market that generally respond to data breaches. A policy offering the privacy coverage will often offer coverage for civil, administrative and regulatory investigations, fines and penalties and, importantly, will commonly offer remediation coverage (sometimes termed crisis management or notification coverage) to address costs associated with a security breach, including: costs associated with post-data breach notification credit monitoring services forensic investigation to determine cause and scope of a breach public relations efforts and other crisis management expenses legal services to determine an insured s indemnification rights where a third party s error or omission has caused the problem. Cyber insurance policies offer other types coverages as well, including media liability coverage (for claims for alleging, for example, infringement of copyright and other intellectual property rights and misappropriation of ideas or media content), first party property and network interruption coverage, and cyber extortion coverage. The cyber policies can be extremely valuable. But selecting and negotiating the right cyber insurance product presents a real and significant challenge. There is a dizzying array of cyber products on the marketplace, each with their own insurer-drafted terms and conditions, which vary dramatically from insurer to insurer even from policy to policy underwritten by the same insurer. Because of the nature of the product and the risks that it is intended to cover, successful placement requires the involvement and input, not only of a capable risk management department and a knowledgeable insurance broker, but also of in-house legal counsel and IT professionals, resources and compliance personnel and experienced insurance coverage counsel. Author: Roberta D. Anderson roberta.anderson@klgates.com Anchorage Austin Beijing Berlin Boston Brisbane Brussels Charleston Charlotte Chicago Dallas Doha Dubai Fort Worth Frankfurt Harrisburg Hong Kong Houston London Los Angeles Melbourne Miami Milan Moscow Newark New York Orange County Palo Alto Paris Perth Pittsburgh Portland Raleigh Research Triangle Park San Diego San Francisco São Paulo Seattle Seoul Shanghai Singapore Spokane Sydney Taipei Tokyo Warsaw Washington, D.C. Wilmington 6
7 K&L Gates practices out of 48 fully integrated offices located in the United States, Asia, Australia, Europe, the Middle East and South America and represents leading global corporations, growth and middle-market companies, capital markets participants and entrepreneurs in every major industry group as well as public sector entities, educational institutions, philanthropic organizations and individuals. For more information about K&L Gates or its locations, practices and registrations, visit This publication is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer K&L Gates LLP. All Rights Reserved. 7
Cybersecurity Risk Factors: Five Tips to Consider When Any Public Company Might be The Next Target
10 February 2014 Practice Groups: Capital Markets Insurance Coverage The text of this article was first published by Law360 on February 10, 2014. Cybersecurity Risk Factors: Five Tips to Consider When
More informationFive Steps To Data Breach Coverage For Card Issuer Liability
20 April 2015 Practice Groups: Insurance Coverage Cyber Law and Cybersecurity This article was first published by Law360 on April 17, 2015. Five Steps To Data Breach Coverage For Card Issuer By Roberta
More informationInsurance Coverage for Cyber Attacks
May 2013 The text of this article first appeared in the May 2013 issue of The Insurance Coverage Law Bulletin, Vol. 12, No. 4 Insurance Coverage for Cyber Attacks Part One of a Two-Part Article By Roberta
More informationSEC Staff Addresses Third-Party Endorsements of Investment Advisers on Social Media Websites
April 2014 Practice Groups: Investment Management, Hedge Funds and Alternative Investments Private Equity SEC Staff Addresses Third-Party Endorsements of By Michael W. McGrath and Sonia R. Gioseffi On
More informationBackground. 9 September 2015. Practice Groups: Investment Management, Hedge Funds and Alternative Investments Broker-Dealer Finance
9 September 2015 Practice Groups: Investment Management, Hedge Funds and Alternative Investments Broker-Dealer Finance Cybersecurity Update: National Futures Association Proposes Cybersecurity Guidance
More informationWhy Buy Cyber and Privacy Liability When You Have a Perfectly Good Commercial General Liability Program?
Why Buy Cyber and Privacy Liability When You Have a Perfectly Good Commercial General Liability Program? July 2014 Lockton Companies Cyber and Privacy Liability insurance programs have grown in popularity
More informationFive Takeaways from the First Cyber Insurance Case
21 May 2015 Practice Groups: Insurance Coverage Cyber Law and Cybersecurity This article was first published by Law360 on May 18, 2015. Five Takeaways from the First Cyber Insurance Case By Roberta D.
More informationThe Calm Before the Storm Is the Time to Consider. Insurance Coverage. Part Two of a Two-Part Article. Look Out for Potential Causation Issues
February 6, 2014 Practice Group: Insurance Coverage The text of this article was first published in the February 2014 issue of the Insurance Coverage Law Bulletin. The Calm Before the Storm Is the Time
More informationBeyond Credit Reporting: The Extension of Potential Class Action Liability to Employers under the Fair Credit Reporting Act
April 7, 2014 Practice Groups: Financial Institutions and Services Litigation Commercial Disputes Labor, Employment and Workplace Safety Consumer Financial Services Beyond Credit Reporting: The Extension
More informationItalian Tax Reform. New legislation on abuse of law and statute of limitations. Abuse of law and tax avoidance. Introduction
27 August 2015 Practice Group(s): Tax Italian Tax Reform New legislation on abuse of law and statute of limitations By Vittorio Salvadori di Wiesenhoff The Italian Government has recently approved a new
More informationAustralian National Electricity Rules Adopt a More 'Cost Reflective' Approach to Network Pricing
23 December 2014 Practice Group(s): Energy, Infrastructure and Resources Renewable Energy Climate Change and Sustainability Australian National Electricity Rules Adopt a More 'Cost Reflective' Australia
More informationLaunch of Mutual Recognition of Funds Between Mainland China and Hong Kong
June 2015 Practice Group: Investment Management, Hedge Funds and Alternative Investments Launch of Mutual Recognition of Funds Between Mainland China and Hong Kong By Choo Lye Tan On 22 May 2015, the Securities
More informationHow Can the Automotive Industry Strengthen Its Regulatory Compliance Process and Reduce Its Compliance Risks?
September 29, 2015 Practice Groups: Regulatory Compliance Internal Investigations Government Investigations White Collar Crime/Criminal Defense Public Policy and Law Environmental, Land and Natural Resources
More informationNIST Unveils Preliminary Cybersecurity Framework
November 25, 2013 Practice Group: Cyber Law and Cybersecurity NIST Unveils Preliminary Cybersecurity Framework By Roberta D. Anderson On October 22, the National Institute of Standards and Technology (NIST)
More informationThe Affordable Care Act s Employer Mandate: Guidance for Educational Organizations
March 4, 2014 Practice Group(s): Employee Benefits Benefits, ESOPs, and Executive Compensation The Affordable Care Act s Employer Mandate: Guidance for Educational By Lynne Shore Wakefield and Emily D.
More informationFederal Court Enjoins Texas Medical Board from Enforcing More Stringent Telemedicine Rules
June 2015 Practice Group(s): Health Care Federal Court Enjoins Texas Medical Board from Enforcing More Stringent By Edward L. Vishnevetsky, Richard P. Church and Leah D Aurora Richardson On April 10, 2015,
More informationRemoval of Credit Ratings References
August 2014 Practice Groups: Investment Management, Hedge Funds and Alternative Investments Broker-Dealer Removal of Credit Ratings References By Michael S. Caccese, Clair E. Pagnano, Rita Rubin, and George
More informationHow To Allow Sports Wagering In New Jersey
November 2014 This article originally appeared in World Sports Law Report Volume 12 Issue 11, November 2014. Betting: New Jersey s Attempts to Allow Sports Betting By Linda J. Shorey, Anthony R. Holtzman
More informationEnvironment, Health And Safety. Ensuring Your Company s European Operations are Compliant with New EU Regulations and Enforcement Measures
Environment, Health And Safety Ensuring Your Company s European Operations are Compliant with New EU Regulations and Enforcement Measures WHAT IS THE THREAT TO YOUR COMPANY S COMPLIANCE RECORD AND GOOD
More informationMaximizing Insurance Recovery for the Tianjin Port Explosions
20 August 2015 Practice Group: Insurance Coverage Maximizing Insurance Recovery for the Tianjin Port By David F. McGonigle, Roberta D. Anderson, and Justin T. Waddell On Wednesday, August 12, 2015, two
More informationHealth Care Entities Get Clarity from FCC on Telephone Communications
10 August 2015 Practice Group(s): Health Care Telecom, Media and Technology Health Care Entities Get Clarity from FCC on Telephone Communications By Martin L. Stern, Samuel R. Castic, Ryan J. Severson
More informationDOE Announces Fundamental Shift in LNG Export Authorization Policy
5 June 2014 Practice Groups: Liquefied Natural Gas Oil & Gas Energy, Infrastructure and Resources Energy DOE Announces Fundamental Shift in LNG Export Authorization Policy By David L. Wochner, Sandra E.
More informationNinth Circuit Opinion May Open Litigation Doors Most Thought Closed
March 2015 Practice Group: Investment Management Ninth Circuit Opinion May Open Litigation Doors Most By Jeffrey B. Maletta, Mark P. Goshko, Scott E. Waxman, Clair E. Pagnano, Nicholas G. Terris, and Joel
More informationSocial Media - 10 Fundamental Questions All Businesses Consider
January 2015 Practice Group(s): Corporate/ M&A Technology Transactions Social Media: 10 Fundamental Questions All Businesses Should Consider About Their Online Presence By Holly K. Towle, Kendra H. Nickel-Nguy
More informationCyber and CGL Insurance Coverage for Data Breach Claims
Cyber and CGL Insurance Coverage for Data Breach Claims Paula Weseman Theisen, Partner Data breach overview Definition of data breach/types Data breach costs Data breach legal claims and damages Cyber-insurance
More informationPayday Loans Under Attack: The CFPB's New Rule Could Dramatically Affect High-Cost, Short-Term Lending
6 June 2016 Practice Groups: Financial Institutions and Services Litigation Consumer Financial Services Commercial Disputes Class Action Litigation Defense Payday Loans Under Attack: The CFPB's New Rule
More informationTeva and Its Potential Impact on Patent Litigation
January 28, 2015 Practice Group(s): IP Litigation IP Procurement and Portfolio Management Teva and Its Potential Impact on Patent Litigation By Michael J. Abernathy, Suzanne E. Konrad, Rebecca M. Cavin
More informationRegulatory Implications of New Products and Services in the Australian Electricity Market
2 March 2015 Practice Group: Energy Regulatory Implications of New Products and Services in the Australian Australia Energy Alert By Jenny Mee and Larissa Hauser The Energy Market Reform Working Group
More informationIMO Industries Tackles New Jersey Law on Host of Insurance Coverage Issues
13 October 2014 Practice Groups: Insurance Coverage Toxic Tort IMO Industries Tackles New Jersey Law on Host of Insurance Coverage Issues New Jersey Insurance Coverage and Toxic Tort Alert By Donald W.
More informationBackground: November 26, 2013
November 26, 2013 Practice Groups: Financial Institutions and Services Litigation; Consumer Financial Services; Commercial Disputes; Global Government Solutions For more news and developments related to
More information2014 Amendments Affecting Delaware Alternative Entities and the Contractual Statute of Limitations
August 2014 Practice Groups: Corporate/M&A Private Equity 2014 Amendments Affecting Delaware Alternative Entities By Scott E. Waxman, Eric N. Feldman, Nicholas I. Froio, Andrew Skouvakis, Zachary L. Sager
More informationSecond Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL
Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Using Insurance Coverage to Mitigate Cybersecurity Risks To Warranty and Service Contract Businesses Barry Buchman, Partner
More informationINSURANCE COVERAGE FOR CYBER RISKS AND REALITIES September 24, 2013
Presenters: Roberta D. Anderson John P. Scordo INSURANCE COVERAGE FOR CYBER RISKS AND REALITIES September 24, 2013 Presentation to the Association of Corporate Counsel Western Pennsylvania Chapter Copyright
More informationCyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day
Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014
More informationIran Sanctions Relief and Further EU Regulatory Developments in 2016
January 2016 Practice Group: Antitrust, Competition & Trade Regulation Iran Sanctions Relief and Further EU Regulatory By Philip Torbøl, Raminta Dereskeviciute, Alessandro Di Mario and Daniel L. Clyne
More informationBenefits and Compensation Alert
April 2, 2010 Authors: Mary Turk-Meena mary.turk-meena@klgates.com +1.704.331.7590 Lynne S. Wakefield lynne.wakefield@klgates.com +1.704.331.7578 Emily D. Zimmer emily.zimmer@klgates.com +1.704.331.7405
More informationThe Insurance Coverage Law Information Center
The following article is from National Underwriter s latest online resource, FC&S Legal: The Insurance Coverage Law Information Center. The Insurance Coverage Law Information Center VIRUSES, TROJANS AND
More informationThe Limited Liability Company and the Bankruptcy Code
March 4, 2013 Practice Groups: Restructuring & Bankruptcy Corporate/M&A Finance The Limited Liability Company and the Bankruptcy Code By David A. Murdoch This K&L Gates Legal Insight highlights certain
More informationTreasury Department Issues Cybersecurity Checklist for Financial Institutions: What Might Apply to Your Financial Services Company?
14 December 2015 Practice Groups: Government Enforcement Global Government Solutions Cyber Law and Cybersecurity Treasury Department Issues Cybersecurity Checklist for Financial Institutions: What Might
More informationCMS Announces the Next Generation of Accountable Care Organizations Aimed at Increased Risk Sharing and Program Sustainability
April 2015 Practice Group: Health Care CMS Announces the Next Generation of Accountable Care Organizations Aimed at Increased Risk Sharing and Program Sustainability By Richard P. Church, Steven G. Pine,
More informationSEC Announces First Distribution in Guise Case
September 29, 2015 Practice Groups: Investment Management, Hedge Funds and Alternative Investments Broker-Dealer Government Enforcement SEC Announces First Distribution in Guise Case By Arthur C. Delibert,
More informationJoe A. Ramirez Catherine Crane
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
More informationBoard Responsibilities Under SEC s Money Market Fund Reforms
August 2014 Practice Group: Investment Management, Hedge Funds and Alternative Investments Board Responsibilities Under SEC s Money Market Fund By Diane E. Ambler, Craig A. Ruckman On July 23, 2014, the
More informationESTABLISHING A BUSINESS PRESENCE IN DUBAI
ESTABLISHING A BUSINESS PRESENCE IN DUBAI This guide, written by K&L Gates lawyers, includes a high level overview of the legal and regulatory environment for establishing a business presence in Dubai,
More informationTaxes and Politics Collide in New IRS Guidelines for 501(c)(4) Organizations: IRS Proposes to Restrict Political Activities of Some Non-Profits
December 11, 2013 Practice Groups: Public Policy and Law; Tax; Tax-Exempt Organizations/ Nonprofit Institutions; Global Government Solutions Taxes and Politics Collide in New IRS Guidelines for 501(c)(4)
More informationNYAG Issues Cease-and-Desist Letters to DFS Sites
13 November 2015 Practice Groups: Government Enforcement Betting & Gaming Consumer Financial Services Global Government Solutions Accepting Daily Fantasy Sports Payments and Proceeds May Be Unlawful: New
More informationCybersecurity: What In-House Counsel Needs to Know
Cybersecurity: What In-House Counsel Needs to Know November 19, 2013 Vivian A. Maese vivian.maese@dechert.com 2013 Dechert LLP So what does all of the legal activity in cybersecurity mean to you? The top
More informationCyberinsurance: Insuring for Data Breach Risk
View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL
More informationAssignee Liability Is Extended by Massachusetts: Will Others Follow Suit?
Mortgage Banking & Consumer Financial Products Alert July 27, 2010 Authors: Philip M. Cedar phil.cedar@klgates.com +1.212.536.4820 Jonathan D. Jaffe jonathan.jaffe@klgates.com +1.415.249.1023 Laurence
More informationCyber Liability Insurance: It May Surprise You
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
More informationISO BROADENS PERSONAL AND ADVERTISING INJURY COVERAGE GAPS
ISO BROADENS PERSONAL AND ADVERTISING INJURY COVERAGE GAPS Recent changes to the Commercial General Liability Policy ( CGL ) by the Insurance Services Office ( ISO ) have widened the coverage gap for publishing
More informationCyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF
Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF October 9, 2013 1 Cyber Insurance Why? United States Department of Commerce: Cyber Insurance
More informationCyber and data Policy wording
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
More informationCLASS ACTION. Westlaw Journal. Expert Analysis The State of Coverage Disputes Concerning Advertising And Privacy Claims
Westlaw Journal CLASS ACTION Litigation News and Analysis Legislation Regulation Expert Commentary VOLUME 19, ISSUE 8 / SEPTEMBER 2012 Expert Analysis The State of Coverage Disputes Concerning Advertising
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationInsurance Coverage Law Report
September 2013 Insurance Coverage Law Report From the Editor Our Industry News, and Why It Matters By Steven A. Meyerowitz Feature Articles Data Breaches and the General Liability Policy in a Cyber-World
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationInsurance for Data Breaches in the Hospitality Industry
The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. dbender@andersonkill.com
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More information01/ 02/ 03/ 04/ 05/ Beyond borders Deloitte Discovery April 23 rd 2015 Cyprus 1 Going beyond borders to move our clients ahead Deloitte Discovery Services - Deloitte Legal 2 The Deloitte
More informationBetting & Gaming/Tax-Exempt Organizations Alert
Betting & Gaming/Tax-Exempt Organizations Alert October 2010 Authors: Robert A. Lawton robert.lawton@klgates.com +1.717.231.4549 Cordelia A. Glenn Grabiak cordelia.grabiak@klgates.com +1.412.355.6701 Marsha
More informationAre You Covered? Understanding Vendor Endorsements and Harmonizing Risk Transfer Arrangements. Kevin B. Dreher & Jennifer D. Katz Reed Smith LLP
Are You Covered? Understanding Vendor Endorsements and Harmonizing Risk Transfer Arrangements July 14, 2015 Kevin B. Dreher & Jennifer D. Katz Reed Smith LLP Program Overview 1. How to Transfer Risk and
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationCyber Liability. What School Districts Need to Know
Cyber Liability What School Districts Need to Know Data Breaches Growing In Number Between January 1, 2008 and April 4, 2012 314,216,842 reported records containing sensitive personal information have
More informationAPIP - Cyber Liability Insurance Coverages, Limits, and FAQ
APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP
More informationPrivacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014
Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014
More informationCloud Coverage. Authors. Introduction. First-Party Coverage Issues. Cloud Computing Purchasers
Cloud Coverage Transcending the Cloud A Legal Guide to the Risk and Rewards of Cloud Computing Cloud Coverage Authors Richard P. Lewis, Partner rlewis@reedsmith.com Carolyn H. Rosenberg, Partner crosenberg@reedsmith.com
More informationCMS RELEASES FINAL MEDICARE SHARED SAVINGS PROGRAM RULE
June 2015 Practice Group(s): Health Care CMS RELEASES FINAL MEDICARE SHARED SAVINGS PROGRAM RULE Health Care Alert By Richard P. Church, Steven G. Pine, Jon S. Zucker, Trevor P. Presler On June 9, 2015,
More informationFinance Alert. New Rules on Short Selling and Derivative Transactions in Germany. Introduction. Prohibition of Short Selling
30 July 2010 Authors: Dr. Christian Büche christian.bueche@klgates.com T +49.69.94.51.96.365 Dr. Wilhelm Hartung wilhelm.hartung@klgates.com T +49.30.22.00.29.220 K&L Gates includes lawyers practicing
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationU.S. SEC Proposes Liquidity Risk Management Programs, Optional Swing Pricing, and Liquidity Reporting for Mutual Funds and Certain ETFs
October 2015 Practice Group: Investment Management, Hedge Funds and Alternative Investments Global Government Solutions U.S. SEC Proposes Liquidity Risk Management Programs, Optional Swing Pricing, and
More informationCYBER 3.0. CUTTING-EDGE ADVANCEMENTS IN INSURANCE COVERAGE FOR CYBER RISK AND REALITY SFOR005 Speakers:
CYBER 3.0 CUTTING-EDGE ADVANCEMENTS IN INSURANCE COVERAGE FOR CYBER RISK AND REALITY SFOR005 Speakers: Roberta D. Anderson, Partner, K&L Gates LLP Timothy Flaherty, Manager, Insurance Risk Management,
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationInsurers Not Obligated to Defend in ZIP Code Coverage Suits
Insurers Not Obligated to Defend in ZIP Code Coverage Suits By Bryana Blessinger Hill & Lamb LLP Portland, Oregon Insurers are increasingly faced with privacy and data-breach related claims. One of the
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationCloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC Disclaimer THIS PRESENTATION IS TO ASSIST IN A GENERAL
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationRISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION
RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former
More informationInsurance Coverage Issues Implicated in Data Breach Claims
Insurance Coverage Issues Implicated in Data Breach Claims Alex E. Potente Sedgwick LLP San Francisco, CA (415) 627-3453 Alex.Potente@sedgwicklaw.com James H. Kallianis, Jr. Meckler Bulger Tilson Marick
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationApril 10, 2015 FLANNER HOUSE OF INDIANAPOLIS INC FLANNER HOUSE ELEMENTARY 2424 DR MARTIN LUTHER KING ST INDIANAPOLIS IN 46208
Liberty Mutual Insurance Processing Center PO Box 515097 Los Angeles, CA 90051-5097 April 10, 2015 FLANNER HOUSE OF INDIANAPOLIS INC FLANNER HOUSE ELEMENTARY 2424 DR MARTIN LUTHER KING ST INDIANAPOLIS
More informationTHE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK
THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.
More informationCyber Insurance What is it? Should your bank purchase it? Roberta D. Anderson Partner, K&L Gates LLP roberta.anderson@klgates.
Cyber Insurance What is it? Should your bank purchase it? Roberta D. Anderson Partner, K&L Gates LLP roberta.anderson@klgates.com March 8, 2016 AGENDA Spectrum of Cyber Risk Cutting Edge Cyber Insurance
More informationData security: A growing liability threat
Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars
More informationEnterprise PrivaProtector 9.0
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
More informationCyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:
Company or Trading Name: Address: Post Code: Telephone: E-mail: Website: Date Business Established Number of Employees Do you have a Chief Privacy Officer (or Chief Information Officer) who is assigned
More informationClient Alert. Accountants and Auditors as SEC Whistleblowers. Categories of Persons Eligible or Not Eligible for SEC Whistleblower Awards
Number 1462 February 5, 2013 Client Alert Latham & Watkins Litigation Department Accountants and Auditors as SEC Whistleblowers Nearly every public company and financial industry firm subject to the enforcement
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationSupreme Court Decision Affirming Judicial Right to Review EEOC Actions
Supreme Court Decision Affirming Judicial Right to Review EEOC Actions The Supreme Court Holds That EEOC s Conciliation Efforts Are Subject to Judicial Review, Albeit Narrow SUMMARY A unanimous Supreme
More informationAlvarez & Marsal Global Forensic and Dispute Services. 2015 Asia Pacific Regional Meeting (APRM) Tokyo, Japan 23-25 April 2015
Alvarez & Marsal Global Forensic and Dispute Services 2015 Asia Pacific Regional Meeting (APRM) Tokyo, Japan 23-25 April 2015 A&M OVERVIEW GLOBAL REACH NEW YORK (GLOBAL HQ) LONDON (EUROPE HQ) HONG KONG
More informationInsurance Coverage for Data Security Breaches Evaluating Policy Options, Overcoming Coverage Challenges, Analyzing Litigation Trends
presents Insurance Coverage for Data Security Breaches Evaluating Policy Options, Overcoming Coverage Challenges, Analyzing Litigation Trends A Live 90-Minute Teleconference/Webinar with Interactive Q&A
More informationediscovery: Trends & Challenges
ediscovery: Trends & Challenges Joseph P. Grasser Carrie E. Jantsch January 28, 2014 Overview Trends & Challenges Mobile Device Electronic Discovery and BYOD Policies How BYOD Policies Complicate E-Discovery
More informationData Security Best Practices for In-House Counsel
Donna L. Wilson, Linda D. Kornfeld and Rebecca Perry Association of Corporate Counsel San Diego August 6, 2015 1 DONNA L. WILSON Tel: (310) 312-4144 Email: DLWilson@manatt.com Donna L. Wilson is co-chair
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationIRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411
IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING
More informationCYBER INSURANCE 101: Coverage Issues Related to Cyber Attacks and Cyber Insurance
CYBER INSURANCE 101: Coverage Issues Related to Cyber Attacks and Cyber Insurance By Dina M. Cox, 1 Elissa K. Doroff, 2 Kirsten Jackson, 3 Kathryn E. Kasper, 4 and Michael B. Rush 5 I. The Rise of Cyber
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More information