In a 3 page per curiam decision issued this week, the Connecticut Supreme Court upheld a lower court’s decision holding in Recall Total Information Management, Inc., et. al v. Federal Insurance Company, that Federal Insurance Co. and Scottsdale Insurance Co. commercial general liability policies did not provide coverage for losses of IBM contractors relating to a data breach from the loss of computer tapes. The incident occurred in 2007, when a cart holding computer tapes fell out of the back of a transportation company’s van on a highway exit ramp. Although the tapes could not be read on a personal computer and there was no indication that the information on the tapes was accessed, the tapes contained Social Security numbers, dates of birth and contact information of 500,000 IBM employees. It was reported that 130 of the tapes were removed by the roadside and were not recovered. The IBM employees were notified of the incident, but there was no evidence to indicate that any IBM employee was injured as a result of the incident.

The contractors sought insurance coverage for losses sustained from the incident and argued that the losses constituted personal injuries caused by the publication of material that violates a “person’s right to privacy.” They argued that the publication occurred when the IBM employees’ data was published “to a thief.” The appeals court disagreed, stating that “…we believe that access is a necessary prerequisite to the communication or disclosure of personal information, …the plaintiffs have failed to provide a factual basis that the information on the tapes was ever accessed by anyone.” The appeals court also held that a state law requiring notification of a data breach does not create a personal injury that would trigger coverage under the policies.

The Connecticut Supreme Court stated: “We…adopt the Appellate Court’s opinion as the proper statement of the issue and the applicable law concerning that issue.”

Insurance coverage cases of first impression, including for data breaches, are winding their way through the court system and will have important precedential effect. We are watching them closely and will keep you apprised of their development.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.