Living a life in 0.1 hour increments! Most law firm lawyers begrudgingly accept the necessity of meticulously counting their time, and most in-house lawyers are relieved when they no longer have to think about their days six minutes at a time. But as more in-house legal departments take on their company’s own defense, they are well advised to have time-keeping programs and procedures in place to recover the maximum amount from the insurance companies that have accepted a duty to defend or agreed to indemnify the company for defense costs.
The stopwatch is running. Companies are scrambling to figure out how the EU’s General Data Protection Regulation (GDPR)—due to go into effect on May 25, 2018—will affect how they do business. Uncertainty and speculation abound; no one knows exactly how the law will be enforced, particularly with respect to companies domiciled outside the EU, with no EU footprint, who process and hold the personal data of EU residents. But while publications are awash with advice regarding compliance, few tackle the question whether your business is protected against loss in the event of a data breach or other unintentional failure to comply. We strongly suggest that your due diligence include a review of your insurance coverage for GDPR non-compliance, especially for fines, penalties and lawsuits (individual or class action). Qualified coverage counsel should assist in the review, but key areas of focus include:
Coverage for Costs of Compliance
Many costs that companies will incur to comply with GDPR simply will not be covered by any insurance. Insurance is designed to respond to fortuitous loss or liability, not ordinary costs of doing business. Thus, for example, coverage likely is unavailable for expenses to adopt and implement data security measures, maintain required records, respond to individuals’ requests to access or delete their data, or hire a Data Protection Officer.
Sometimes you just can’t win.
Under the law of most states, the doctrine of rescission provides that when a policyholder gives a materially misleading answer on an application for insurance, the court may hold it void ab initio, meaning the policy is unenforceable from the outset, as if there had never been any coverage. But in Western World Insurance Co. v. Professional Collection Consultants, a split panel of the U.S. Court of Appeals for the Ninth Circuit put a new twist on the doctrine. It rescinded a D&O policy when the policyholder gave an answer that the panel majority considered misleading—even though it was factually the truth.
Any construction professional working in Florida likely is familiar with the state’s notice and opportunity to repair statute (“chapter 558”) that creates a process for trying to resolve construction defect claims without litigation. As the first step in this mandatory process, a property owner must serve a chapter 558 notice on the construction professional, which notice describes the alleged defects and damages. Many construction professionals submit chapter 558 notices to their general liability insurers and request a defense. But it has always been an open question whether the chapter 558 process is a “suit” triggering an insurer’s duty to defend—until now. In Altman Contractors, Inc. v. Crum & Forster Specialty Insurance Company, the Florida Supreme Court decided that the chapter 558 process is a “suit” but left open the possibility that the process is only a “suit” when an insurer says it is. In a per curiam opinion in the original federal case, the U.S. Court of Appeals for the Eleventh Circuit relied on the Florida Supreme Court’s opinion to vacate the district court decision holding that the chapter 558 process is not a “suit” and remanded the case for further proceedings.
Returning to the work routine after the winter holidays can certainly be a drag—but some new case law from the past year should put policyholders in higher spirits as 2018 begins. In two decisions with the potential for broad impact, courts expanded the ability of policyholders to recover attorney’s fees from actions against their insurers and to obtain independent counsel in cases where the insurer accepts the defense under a reservation of rights.
America is facing a reckoning. Many brave individuals have stepped forward over the last several months to speak truth about sexual harassment and assault in workplaces, in entire industries, and even in Congress. For a very long time, companies dealt with sexual assault and harassment allegations quietly and in backrooms, and these allegations often were not taken seriously. However, thanks to the turning tide, more companies are reexamining their internal policies, encouraging change in corporate culture, and addressing sexual assault, harassment, and discrimination claims more directly. As part of this effort, companies should also look at their corporate insurance programs to confirm insurance is in place should any such claim arise.
Only about 41 percent of companies with more than 1,000 workers report having some kind of insurance plan to cover sexual harassment and discrimination, and only about 33 percent of companies with at least 500 employees carry any insurance coverage for claims resulting from sexual harassment or assault. The numbers are even starker for startup companies, with only three percent of companies with fewer than 50 employees carrying such coverage. Therefore, while more and more companies are instituting anti-sexual harassment and anti-discrimination policies, many companies remain ill-prepared to handle the inevitable challenges that await individuals, executives, and companies alike, as a result of this watershed moment in American culture.
In most cases, a reasonable settlement produces a better result than litigation. A good settlement should provide more of what you need at a lower cost with less interruption of your core business.
Abraham Lincoln is credited with the following advice: “Discourage litigation. Persuade your neighbors to compromise whenever you can. Point out to them how the nominal winner is often the real loser—in fees, and expenses, and waste of time. As a peace-maker the lawyer has a superior opportunity of being a good man. There will still be business enough.”
The Las Vegas massacre. The Ariana Grande concert bombing in Manchester, England. The Pulse nightclub in Orlando. The concert hall attack in Paris. The mass shooting at a movie theater in Aurora, Colorado. The quickening drumbeat of attacks on companies and businesspeople that host public events and on those who oversee public areas and venues—such as musicians and concert organizers, hotels and concert venues—has created a surge of interest in terrorist insurance.
When looking for insurance, you should make sure you look beyond terrorism. While terrorism insurance is an indispensable piece of the puzzle, in the event you need to use the coverage, you are as likely—or more likely—to find that your CGL and property policies provide the answer.
One thing is for certain: cyberattacks have become the norm, not the exception. Not even the NSA is capable of completely warding off security breaches. Major banking and retail institutions, as well as the government, are not surprisingly the most likely targets because of the amount of sensitive and private data they control. Still, other companies outside these sectors must heed the warnings and not become the next cyber victim. Protecting against cyber vulnerability is not merely a domestic issue. Rather, multinational companies are prime targets, and are currently undergoing institutional changes to navigate the EU General Data Protection Regulation (GDPR) that goes into effect May 2018.
It’s that time of the year when Americans gather together, enjoy a feast, and fall asleep in front of the TV. But before the tryptophan kicks in, we also like to give thanks for the good things that have happened in the past year. Corporate policyholders can share in the tradition, as this year has produced a number of court decisions that favored insureds and protected their coverage expectations. Here are a few of the cases we are most thankful for:
This case out of the South Carolina Supreme Court gave generously to policyholders in a number of ways this year (giving us the opportunity to post in this blog again and again and again). The case involved defective construction claims against a developer. The developer’s insurer, Harleysville, provided a defense under a vague reservation of rights letter. After the underlying plaintiffs were awarded verdicts against the developer, Harleysville sued to avoid covering the judgments. The court ruled against Harleysville on four issues:
- Harleysville’s vague, general reservation of rights letter did not effectively reserve its rights to contest coverage under the terms and exclusions in the policy;
- Where the underlying verdicts did not apportion the damages between covered and uncovered losses, the insurer bore the burden of proving amounts allocable to uncovered losses. Where the insurer failed to meet that burden, it had to cover the entire verdict;
- Punitive damages awarded in the verdicts were found to be covered under Harleysville’s policy; and
- The owners’ association, which was asserting the dissolved developer’s coverage rights in the case, had standing to challenge the insurer’s reservation of rights letter.
Harleysville is a case that just keeps on giving.
The duty to provide a defense, or reimburse defense costs, is one of the most important features of liability insurance. You could say it’s the stuffing, where indemnity is the turkey. The Delaware Superior Court emphasized that obligation in Verizon to the tune of $48 million in defense costs that the insurer had refused to pay. This decision was important because it rejected the insurer’s attempt to define the vague term “securities claim” narrowly to avoid its obligation to pay defense costs. More broadly, the court upheld the pro-policyholder interpretative doctrine of contra proferentem, rejecting the insurer’s argument that the doctrine should not apply where the insured is a large, sophisticated corporation. Applying the doctrine, the court held that unless it can be shown that the insured had a hand in drafting the policy language, ambiguous terms should be interpreted against the insurer. A more detailed analysis of the decision by this firm can be found here.
Thanksgiving dinner is always better with more guests. Additional Insured endorsements in policies extend the invitation to more parties that may require a seat at the table of insurance protection. This is especially important in the construction context, where developers and general contractors rely on numerous subcontractors’ insurance policies to protect them from liability arising from those subcontractors’ work. These two decisions rejected insurers’ attempts to narrow the application of additional insured endorsements.
In All State Interior, previously highlighted here, a New York County trial court interpreted an endorsement broadly, granting additional insured status to companies that didn’t technically contract with the subcontractor, and who weren’t named in the endorsement. The court, in essence, incorporated the terms of the contract between All State and the subcontractor into the endorsement to trigger additional insured coverage for the project owner, site lessor, and construction manager as All State’s “partners, directors, officers, employees, agents and representatives.”
In McMillin, the insurer’s policy granted additional insured status to McMillin, the general contractor of a project, for “liability arising out of [the subcontractor’s] ongoing operations,” and excluded additional insured status for the insured’s completed operations. The insurer denied defense coverage on the basis that the subcontractor had finished working on the project. The California Court of Appeal disagreed, stating that the endorsement’s phrase “arising out of” is broader than “during,” and so the liability did not have to arise while the insured was still working on the project.
When it’s time for dessert, allocating the available pie to make sure everyone gets what they deserve can be tricky. This year, Missouri joined the ranks of “all sums” states that maximize coverage for policyholders with long-tail claims stretching over several years. The “all sums” method of allocation allows an insured to allocate all of its damages from long-tail losses to a single year of coverage. This ruling by the Missouri Court of Appeals was based on the plain language of the policies, which promise to indemnify the insured for all sums the insured is legally obligated to pay for occurrences during the policy period. The court also ruled that all triggered primary policies across a period of years need not be exhausted before excess policies in the period selected by the policyholder can be triggered. The court ruled that only the primary policy in one year needs to be exhausted before that year’s excess policies are triggered. For a more thorough analysis of this case, click here.
Rather than brave the stampedes of Black Friday, one can get good deals on holiday gifts on Cyber Monday. But to protect against cyber thieves, make sure your insurance coverage will protect you. In this case, the U.S. District Court for the Southern District of New York interpreted the computer fraud provision of a crime policy to do just that. Policyholder Medidata was the victim of fraud when someone tricked its employees into wiring money overseas, using spoofed emails that looked like they came from the company’s president. Medidata’s insurer denied its claim, stating that the computer fraud clause of the crime coverage required actual hacking into and manipulation of Medidata’s computer system. But the court sided with Medidata, ruling that the spoofing of emails violated the integrity of the insured’s computer system enough to trigger coverage, and actual entry by hackers was not required by the policy language or by precedent.
We at Pillsbury hope you all had a very Happy Thanksgiving!