by KPMLAW | May 24, 2016 | KPMBlog, News, Profiles, Uncategorized
Written by Beth Gould, Esq. Companies increasingly face competing demands and challenges associated with the desire to provide convenient online spaces for their clients to conduct business while also ensuring those spaces are safe from data breaches. We are all familiar with, and seem to constantly hear about, data breaches due to intentional hacking by third parties who seek access to companies’ websites and other online databases in order to steal consumers’ information. However, there are also more passive data breaches which can occur due to a company failing to fully secure an online space. In the latter case, rather than a third party actively seeking entry into a companies’ online consumer information, a company may inadvertently fail to shore up a vulnerability in an online space it provides to its consumers, potentially leaving consumer information available to the public. Both types of data breach are risks which an insurer may consider insuring or may wish to forego insuring. If an insurer wishes to forego covering either, or both, sort of data breach, it must clearly address that when drafting its policy. The United States Court of Appeals for the Fourth Circuit recently considered a case involving a passive sort of data breach, affirming in an unpublished opinion that under the applicable insurance policies, a healthcare recordkeeping company must be accorded a defense by its insurer against claims by consumers that the company had made consumers’ private healthcare information accessible online to the general public. On April 11, 2016, the Fourth Circuit Court of Appeals ruled on an appeal by the plaintiff in the declaratory judgment action, Travelers Indemnity...
