Fifth Circuit Finds Insurer Has Duty to Defend Data Breach Lawsuit Under Personal Injury and Publicity Coverage – Insurance

United States: The fifth circuit concludes that the insurer has a duty to defend the lawsuits for data breach within the framework of coverage for personal injury and publicity

The United States Fifth Circuit Court of Appeals considered whether an insurer had a duty to defend its insured in a data breach lawsuit for personal injury and advertising injury coverage when the underlying claims involved a contractual relationship with a third party and not with individual consumers. Landry’s, Inc. v. The Ins. Pennsylvania State Company, 4 F.4e 366 (5th Cir. 2021).

A business operating a retail restaurant and other properties under contract with a business that processes credit transactions. An unauthorized program was installed on payment processing devices that intercepted customers’ names, card numbers, expiration dates and internal verification codes. The payment processor was contractually bound with the credit card companies to pay for losses related to the data breach, but the retailer was required to indemnify the payment processor, and the payment processor claimed reimbursement for losses that occurred due to the data breach. The retailer requested coverage from its insurer, who refused to cover the absence of personal or advertising damage. In a subsequent coverage litigation, the trial court issued a summary judgment in favor of the insurer because the complaint against the retailer did not allege personal or advertising damage, but rather contractual claims..

The Firth Circuit overturned, ruling that the complaint against the retailer sought damages “resulting from …[the] [o]oral or written publication … of material that violates a person’s right to privacy. He noted that the publication could be “any way” and would include all definitions of the word, and that “simply ‘expose or present [information] to see ”would be sufficient to be considered a“ publication ”under the policy. It further found that the allegations that the retailer released credit card data to hackers when the data was channeled through the affected systems and that the hackers released the data by making fraudulent purchases were sufficient for the requirement. publication of the policy. Second, the court noted that the policy requirement that harm results from a violation of a person’s right to privacy would include “all injuries” resulting from the violation of privacy. The court concluded that there was no doubt that a person had a right to privacy of their credit card information and that fraudulent use of that data would violate that right. The court noted that the policy did not limit coverage on the basis of tort or contract and explained that the analysis of coverage is based on the facts alleged in the complaint and not on actual legal theories. .

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

POPULAR POSTS ON: United States Insurance