Have $57 million (or more) to spare? You’re going to need it if you run afoul of the EU’s General Data Protection Regulation (GDPR) without cyber insurance.
In late January 2019, the French data protection authority, CNIL, imposed a fine of €50 million—or roughly $57 million—on Google for violations of the GDPR. The fine is the largest imposed to date under the GDPR, since it came into effect in May 2018. The Google fine highlights a couple of things: the GDPR has teeth, and regulators in the EU won’t hesitate to enforce the regulation. Possibly more frightening to companies subject to the GDPR is that the fine was not imposed because of any data breach or disclosure of sensitive information but, rather, on account of Google’s ordinary data privacy practices.
Does the coverage in commercial general liability (CGL) policies for violations of the right to privacy extend to unwanted intrusions, or is it limited to the disclosure of personal information to a third party? On a recent request for clarification from the U.S. Court of Appeals for the Ninth Circuit in 
A corporate crisis is an event that has the potential to cause material harm to a company’s reputation or bottom line. Typically, these crises have a potential liability element, whether because of negligence, oversight, inaction, malfeasance, or mishandling by the company or others associated with the company. Though prevention strategies are helpful, corporate crises of varying magnitude are more inevitable than avoidable. Knowing that, companies are well advised to think through their crisis response strategies before crises materialize.
Latin America continues to be a prime market for business development and expansion; however, insurance coverage for businesses based in or doing business in the region sometimes lags behind what is necessary to sufficiently protect them against risk. Evaluating coverage for companies operating in Latin America requires a specialized skill set—for example, a key consideration when evaluating claims and reviewing coverage programs is that multiple languages are at play for programs that span the Americas. Master policies for companies based in the United States and global policies for multinational corporations will generally be written in English. Companies with operations or offices in Latin America will likely also have in place local policies written in Spanish and/or Portuguese.
Even when you’ve done your utmost to secure your organization’s cybersecurity—you’ve followed the advice of all the experts, you’ve checked all the boxes—you still may have an Achilles’ heel. Your cybersecurity is only as strong as its weakest point, which is often a vendor or supplier. In this context, a vendor could be anything from a cloud service provider, data processor, or IT engineer to an HR consultant, accounting firm, or health care benefits manager, while a supplier could be a key provider of manufacturing components or raw materials.
A recent decision in the Middle District of Florida, 
New Jersey’s greatest contribution to American rock ’n’ roll, Bruce Springsteen, was nearly relegated to obscurity by a marijuana bust involving his bandmates. Rock legend has it that one of The Boss’ early bands, the Castilles, was forced to break up when some of its members were caught with cannabis in Freehold in 1967. While it would have been unthinkable back then, New Jersey is now on the precipice of marijuana legalization. Gov. Phil Murphy’s campaign platform included a commitment to legalizing recreational use, and three cannabis-related bills have passed through New Jersey Senate and Assembly committees and await the legislature’s final vote, which could happen this month. Legalization would transform New Jersey’s economy, and may also be a litmus test for nearby New York. Looking ahead, business owners, entrepreneurs and investors who are contemplating entry into the cannabis space, when and if legalization occurs, would do well to educate themselves about the potential insurability of various exposures facing the industry.
Before a court can resolve a dispute, it often needs to determine what law applies to that dispute. In certain insurance cases, that question will appear to have an easy answer. Some policies include explicit choice-of-law provisions indicating that they should be interpreted and applied according to the laws of a particular state, and such provisions are generally enforceable. But a case currently before the California Supreme Court highlights an important exception to this general rule and—should the policyholder prevail—would offer potential relief from the impact of stringent policy requirements.
A little over a month ago, a judge in Franklin County, Ohio, held that Bitcoin—a popular form of cryptocurrency—constitutes covered “property” under the terms of a traditional homeowner’s policy.
Insurance coverage litigation can be lengthy and is usually complex, and these characteristics are only exacerbated by the need to comply with often arcane state law rules of procedure. New Jersey, long a hotbed of insurance litigation, has too often exemplified this reality. Until now.