The world of patent defense insurance is evolving. What once was governed by a routine part of the “advertising liability” section of the Commercial General Liability policy is now the focus of specialized insurance products, the contours of which are still being defined.
When adding new or additional layers to an insurance program, policyholders are often asked to sign a “warranty letter” providing comfort to the prospective insurer that the policyholder is not aware of impending claims. Typical warranty letters include both subjective and objective representations, indicating that the policyholder has both no actual (or subjective) knowledge of any impending claims and no reasonable (or objective) expectation that such a claim will arise. If a claim later arises, these warranties may provide a basis for full rescission of a policy or create an exclusion for claims that the policyholder knew or should have known would be filed. And when a warranty is poorly worded or overly broad, it may give rise to a morass of coverage litigation.
The Supreme Court of Texas delivered good news to policyholders insured under a “Joint Venture Provision” endorsement commonly used in the oil and gas industry. In Anadarko Petroleum Corp. v. Houston Casualty Co.—a case arising from the 2010 Deepwater Horizon disaster—the court held that insurers assumed the obligation to reimburse the full amount of a joint venture partner’s defense costs, rejecting the insurers’ argument that their obligation was reduced by the “scaling” language of a Joint Venture Provision. As a result, the court held the insurers liable to Anadarko for over $100 million in defense costs, not just the $37.5 million they had already paid.
It’s time-proven advice: Never underestimate the power of an apology. This is true even in a legal context, and especially during a corporate crisis—an event with the potential to materially harm a company’s reputation or bottom line due to alleged negligence, malfeasance or other liability-driven factors. But even when an apology is a sound crisis and liability management tool, insurance and legal defense considerations can complicate its use. Policyholders are well-advised to proceed with care—and should neither automatically rule out an apology to relevant stakeholders and victims, nor issue apologies without fulsome consideration of the potential insurance and legal defense implications.
Have $57 million (or more) to spare? You’re going to need it if you run afoul of the EU’s General Data Protection Regulation (GDPR) without cyber insurance.
In late January 2019, the French data protection authority, CNIL, imposed a fine of €50 million—or roughly $57 million—on Google for violations of the GDPR. The fine is the largest imposed to date under the GDPR, since it came into effect in May 2018. The Google fine highlights a couple of things: the GDPR has teeth, and regulators in the EU won’t hesitate to enforce the regulation. Possibly more frightening to companies subject to the GDPR is that the fine was not imposed because of any data breach or disclosure of sensitive information but, rather, on account of Google’s ordinary data privacy practices.
Does the coverage in commercial general liability (CGL) policies for violations of the right to privacy extend to unwanted intrusions, or is it limited to the disclosure of personal information to a third party? On a recent request for clarification from the U.S. Court of Appeals for the Ninth Circuit in Yahoo Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, the California Supreme Court may be poised to answer this question under California law, which could have wide-ranging effects on companies seeking CGL coverage for Telephone Consumer Protection Act (TCPA) claims.
A corporate crisis is an event that has the potential to cause material harm to a company’s reputation or bottom line. Typically, these crises have a potential liability element, whether because of negligence, oversight, inaction, malfeasance, or mishandling by the company or others associated with the company. Though prevention strategies are helpful, corporate crises of varying magnitude are more inevitable than avoidable. Knowing that, companies are well advised to think through their crisis response strategies before crises materialize.
Latin America continues to be a prime market for business development and expansion; however, insurance coverage for businesses based in or doing business in the region sometimes lags behind what is necessary to sufficiently protect them against risk. Evaluating coverage for companies operating in Latin America requires a specialized skill set—for example, a key consideration when evaluating claims and reviewing coverage programs is that multiple languages are at play for programs that span the Americas. Master policies for companies based in the United States and global policies for multinational corporations will generally be written in English. Companies with operations or offices in Latin America will likely also have in place local policies written in Spanish and/or Portuguese.
Even when you’ve done your utmost to secure your organization’s cybersecurity—you’ve followed the advice of all the experts, you’ve checked all the boxes—you still may have an Achilles’ heel. Your cybersecurity is only as strong as its weakest point, which is often a vendor or supplier. In this context, a vendor could be anything from a cloud service provider, data processor, or IT engineer to an HR consultant, accounting firm, or health care benefits manager, while a supplier could be a key provider of manufacturing components or raw materials.
A recent decision in the Middle District of Florida, Southern Owners Insurance Company v. Gallo Building Services, Inc., reminds us of the high bar an insurer must clear to avoid its duty to defend an insured—even when that insured is out of business.