Under Commercial General Liability policies (“CGL”) and Umbrella policies, “publication” of usually defamatory statements to a third person will trigger coverage for “advertising injury” and a carrier’s duty to defend. Here, the Court of Appeal erroneously found that loading confidential personal employee data onto encrypted storage tapes that were later lost did not constitute a “publication” and therefore did not trigger the carrier’s duty to defend under the advertising injury provision of the policyholder’s CGL policy. UP argued in its brief that under Connecticut law, loss of this kind of data (“data breach”) should, trigger coverage. UP reminded the Court that coverage interpretation should always be informed by a policyholder’s reasonable expectations, which, in this case would effectuate coverage.Connecticut Law Tribune: “Numerous groups with interest in the digital security issues have submitted amicus briefs, including United Policyholders, a nonprofit group that provides information to insurance consumers in all 50 states. The group says this case is of particular importance to commercial policyholders in Connecticut who rely on their commercial general liability insurance policies for invasions of privacy. ‘Pandora’s box was opened the moment the IBM tapes were lost and taken by the third party,’ wrote Heather Spaide, of Anderson Kill in Stamford, on behalf of United Policyholders. Spaide noted that the information was not published in a newspaper but that publication occurred the moment employee information was made available and readable to whoever took the tapes on the roadside. ‘The unencrypted employee information is no longer safe, no longer secure. Connecticut’s definition of ‘publication’ needs to reflect this reality,’ she wrote.” Read the full article here.
Recall Total Information Management Inc., et al. v. Federal Insurance Co.
Court Connecticut Supreme Court
Case Number S.C. 19291
- Advertising Injury
- Data Breaches
- Duty to Defend
- Reasonable Expectations