Case Briefs

The policyholder asserted that the policy's reference to “publication in any manner” was “inconsistent with reading an implied requirement” that the publication had to be due to an act by the policyholder. The insurer disagreed, arguing that the phrase “in any manner” was most logically read to address only the method of publication, and not the party that sends that publication.

In granting summary judgment to the insurers, Justice Jeffrey K. Oing of the Supreme Court of the State of New York stated that, if he were to find coverage for the acts of third parties, he would be “essentially rewriting this contract, the insurance contract ' and ' expanding coverage when it was never contemplated.” Recognizing that the offenses in Coverage B all have an intent element, the court ruled that the coverage provision “cannot be expanded to include third party acts.” The court noted that the rest of the offenses enumerated in Coverage B focused on the acts of the policyholder, and it would be illogical for this prong to “take[] a different approach and include[] acts by third parties.” The court further noted that the limited case law published on the issue, such as Butts v. Royal Vendors, Inc', 202 W. Va. 448, 454 (1998), supported the proposition that Coverage B offenses do not cover publications by third parties. The Sony suit is one of a number of coverage actions where policyholders are testing the limits of coverage for data breaches under CGL policies. ' Laura A. Foggan , Dale E. Hausman and Matthew W. Beato , Wiley Rein

'

District Court Rejects Insurer's Attempt to Cloak Ordinary Claims Handling Documents

Joining a number of other jurisdictions, the U.S. District Court for the District of Maryland recently overruled an insurer's objection to, and thus affirmed, a magistrate's ruling that an insurer may not use attorney-client privilege and work product protections to shield from discovery documents created in the ordinary course of the insurer's business. See The Charter Oak Fire Ins. Co. v. American Capital, Ltd., Case No. DKC 09-100, 2013 WL 6844359 (D. Md. Dec. 24, 2013). As policyholders often assert, and American Capital confirms, such documents are not protected simply because the insurer has involved counsel in the claims handling process.

Defendants, American Capital, Ltd. (“American Capital”) and its alleged subsidiary, Scientific Protein Laboratories (“SPL”), were targeted in numerous underlying suits involving the allegedly defective drug heparin. Defendants tendered the claims to American Capital's liability insurer, seeking both a defense and indemnity. After denying any duty to defend or indemnify, the insurer filed a declaratory judgment action against its policyholders. During discovery, the insurer produced limited documents from its claims file, asserting that the remaining documents were protected from disclosure by the attorney-client privilege and work product protections due to counsel's involvement and the insurer's anticipation of litigation.

Granting American Capital's subsequent motions to compel, the magistrate held that “claims handling is an ordinary business function of an insurer” such that an insurer may not withhold documents as privileged or otherwise protected unless it can present “specific evidentiary proof” that the documents were: 1) created outside the ordinary course of its business; or 2) in anticipation of litigation. American Capital, Dkt. No. 255-1, Memorandum Opinion at 1-2 (entered July 24, 2013, redacted version unsealed Nov. 6, 2013) (“July 24, 2013 Opinion”).

By statute, Maryland law requires insurance companies to adopt and implement reasonable policies and procedures for the prompt investigation and handling of claims. See Md. Code Ann. Ins. ' 27-304(3). Accordingly, “[f]unctions performed pursuant to this statutory mandate occur in the ordinary course of business without the protection of attorney-client privilege or the work product doctrine.” July 24, 2013 Opinion at 2.

Specifically included in an insurer's ordinary course of business, then, are factual investigations to determine coverage. The district court agreed with the magistrate's determination that such investigations are not protected, even where performed by in-house or outside counsel. American Capital, 2013 WL 6844359, at *2 (quoting Dkt. Nos. 147 and 148, Hearing Transcript and Order (entered December 21, 2012)). These types of documents typically include facts and non-legal opinions about the facts, which are not privileged or otherwise protected. Id . Sharing these documents with, or having them created by, counsel does not automatically cloak them in privilege or work product protections. Id. For the same reason, a claims handler's request that counsel review a coverage determination “does not convert the analysis from an ordinary business activity to a litigation-geared activity.” July 24, 2013 Opinion at 7. Even American Capital's insurer did not dispute that, as a general practice, it and many other insurers retain outside counsel who are “simply acting as a claim handler.” Id . The magistrate expressly addressed this practice, cautioning that when insurers choose to engage in it, “privilege and work product protection are not available.” Id.

American Capital encourages policyholders to look behind an insurer's initial privilege or work product claims, rather than rely upon the insurer's assertions that its designations are correct. Policyholders should seek, and be granted, broad discovery in order to test an insurer's privilege assertions, including the date and reason counsel was retained and the nature of the insurer's own activities following the retention of counsel. An insurer's claims handling files often contain valuable facts that indicate how and why the insurer arrived at its coverage determination and can reveal inconsistencies, errors, and even bad faith activity. Insurers often improperly apply privilege designations in an attempt to withhold such facts from its policyholder. American Capital provides policyholders with further precedent to defeat such practices. ' Matthew L. Jacobs , Brian S. Scarbrough and Jan A. Larson , Jenner & Block

First Judicial Ruling Says No CGL Coverage for Data Breaches

Policyholder efforts to shoehorn coverage for data breach liability into the personal and advertising liability coverage of Commercial General Liability (CGL) policies have suffered a setback. A New York trial court has held that the theft of information by third-party hackers breaking into a computer system does not qualify as “oral or written publication in any manner of material that violates a person's right of privacy” for purposes of personal and advertising injury coverage (Coverage B) in a CGL policy. Zurich Am. Ins. Co. v. Sony Corp. of Am., 651982/2011 (N.Y. Sup. Ct., N.Y. Cnty. Feb. 21, 2014). Describing the case before it as the only “data breach case of this magnitude” involving CGL policies, the court agreed with insurer arguments concerning the scope and intent of coverage for “oral or written publication in any manner of material that violates a person's right to privacy.” This provision, the court concluded, requires “an act by or some kind of act or conduct by the policyholder in order for coverage to be present.”

Sony's PlayStation Network, which allows users to play video games against each other over the Internet, was hacked in April 2011. The hackers stole personally identifiable information belonging to over 77 million users, which was one of the largest data breaches in history. After the breach, Sony tendered suits brought by its customers to its CGL carriers, arguing that the hackers' theft of personal information fell within the enumerated offense of “oral or written publication in any manner of material that violates a person's right or privacy” under Coverage B. The carriers sought a declaratory judgment that the data breach claims did not fall within the policy's coverage.

The policyholder asserted that the policy's reference to “publication in any manner” was “inconsistent with reading an implied requirement” that the publication had to be due to an act by the policyholder. The insurer disagreed, arguing that the phrase “in any manner” was most logically read to address only the method of publication, and not the party that sends that publication.

In granting summary judgment to the insurers, Justice Jeffrey K. Oing of the Supreme Court of the State of New York stated that, if he were to find coverage for the acts of third parties, he would be “essentially rewriting this contract, the insurance contract ' and ' expanding coverage when it was never contemplated.” Recognizing that the offenses in Coverage B all have an intent element, the court ruled that the coverage provision “cannot be expanded to include third party acts.” The court noted that the rest of the offenses enumerated in Coverage B focused on the acts of the policyholder, and it would be illogical for this prong to “take[] a different approach and include[] acts by third parties.” The court further noted that the limited case law published on the issue, such as Butts v. Royal Vendors, Inc ', 202 W. Va. 448, 454 (1998), supported the proposition that Coverage B offenses do not cover publications by third parties. The Sony suit is one of a number of coverage actions where policyholders are testing the limits of coverage for data breaches under CGL policies. ' Laura A. Foggan , Dale E. Hausman and Matthew W. Beato , Wiley Rein

'

District Court Rejects Insurer's Attempt to Cloak Ordinary Claims Handling Documents

Joining a number of other jurisdictions, the U.S. District Court for the District of Maryland recently overruled an insurer's objection to, and thus affirmed, a magistrate's ruling that an insurer may not use attorney-client privilege and work product protections to shield from discovery documents created in the ordinary course of the insurer's business. See The Charter Oak Fire Ins. Co. v. American Capital, Ltd., Case No. DKC 09-100, 2013 WL 6844359 (D. Md. Dec. 24, 2013). As policyholders often assert, and American Capital confirms, such documents are not protected simply because the insurer has involved counsel in the claims handling process.

Defendants, American Capital, Ltd. (“American Capital”) and its alleged subsidiary, Scientific Protein Laboratories (“SPL”), were targeted in numerous underlying suits involving the allegedly defective drug heparin. Defendants tendered the claims to American Capital's liability insurer, seeking both a defense and indemnity. After denying any duty to defend or indemnify, the insurer filed a declaratory judgment action against its policyholders. During discovery, the insurer produced limited documents from its claims file, asserting that the remaining documents were protected from disclosure by the attorney-client privilege and work product protections due to counsel's involvement and the insurer's anticipation of litigation.

Granting American Capital's subsequent motions to compel, the magistrate held that “claims handling is an ordinary business function of an insurer” such that an insurer may not withhold documents as privileged or otherwise protected unless it can present “specific evidentiary proof” that the documents were: 1) created outside the ordinary course of its business; or 2) in anticipation of litigation. American Capital, Dkt. No. 255-1, Memorandum Opinion at 1-2 (entered July 24, 2013, redacted version unsealed Nov. 6, 2013) (“July 24, 2013 Opinion”).

By statute, Maryland law requires insurance companies to adopt and implement reasonable policies and procedures for the prompt investigation and handling of claims. See Md. Code Ann. Ins. ' 27-304(3). Accordingly, “[f]unctions performed pursuant to this statutory mandate occur in the ordinary course of business without the protection of attorney-client privilege or the work product doctrine.” July 24, 2013 Opinion at 2.

Specifically included in an insurer's ordinary course of business, then, are factual investigations to determine coverage. The district court agreed with the magistrate's determination that such investigations are not protected, even where performed by in-house or outside counsel. American Capital, 2013 WL 6844359, at *2 (quoting Dkt. Nos. 147 and 148, Hearing Transcript and Order (entered December 21, 2012)). These types of documents typically include facts and non-legal opinions about the facts, which are not privileged or otherwise protected. Id . Sharing these documents with, or having them created by, counsel does not automatically cloak them in privilege or work product protections. Id. For the same reason, a claims handler's request that counsel review a coverage determination “does not convert the analysis from an ordinary business activity to a litigation-geared activity.” July 24, 2013 Opinion at 7. Even American Capital's insurer did not dispute that, as a general practice, it and many other insurers retain outside counsel who are “simply acting as a claim handler.” Id . The magistrate expressly addressed this practice, cautioning that when insurers choose to engage in it, “privilege and work product protection are not available.” Id.

American Capital encourages policyholders to look behind an insurer's initial privilege or work product claims, rather than rely upon the insurer's assertions that its designations are correct. Policyholders should seek, and be granted, broad discovery in order to test an insurer's privilege assertions, including the date and reason counsel was retained and the nature of the insurer's own activities following the retention of counsel. An insurer's claims handling files often contain valuable facts that indicate how and why the insurer arrived at its coverage determination and can reveal inconsistencies, errors, and even bad faith activity. Insurers often improperly apply privilege designations in an attempt to withhold such facts from its policyholder. American Capital provides policyholders with further precedent to defeat such practices. ' Matthew L. Jacobs , Brian S. Scarbrough and Jan A. Larson , Jenner & Block