Connecticut Affirms Personal Injury Coverage for Data Breach Requires Actual Publication

As expected, the Connecticut Supreme Court has affirmed decisions by both the trial court and intermediate appellate court that personal injury liability coverage for a business’s data loss or theft requires publication as a matter of law.  We reported on the oral arguments here.

The claim for coverage in Recall Total Information Mgmt. v. Federal Ins. Co., arose from the loss of computer tapes containing personal information of current and former IBM employees.  Recall Total had contracted with IBM to transport and store computer tapes containing this information and subsequently subcontracted with Ex Log to provide the transportation services.  During transport, the tapes fell off Ex Log’s truck on to the side of the road and were recovered by an unknown individual. 

As the Supreme Court recognized, however, there is no evidence that anyone ever accessed the information on the tapes or that their loss caused injury to any IBM employees.  Nevertheless, IBM spent a significant amount of money providing identity theft services to the affected employees and, in informal negotiations, sought reimbursement of those sums from Recall Total and Ex Log.  Ex Log’s liability carriers, whose policies named Recall Total as an additional insured, declined to participate in the negotiations or provide coverage.

Recall Total and Ex Log later filed suit for, among other things, breach of contract.  The trial court’s dismissal of this claim on summary judgment was later affirmed by the intermediate appellate court.  That court first concluded that there was no breach of the duty to defend because the settlement negotiations with IBM did not constitute a suit other dispute resolution proceeding that triggered such a duty under the policies.  The court next concluded that the loss of the tapes did not constitute a “personal injury” as defined by the policies because there had been no publication of the information stored on the tapes that had resulted in a violation of a person’s right to privacy.

This decision was appealed to and affirmed by the Connecticut Supreme Court.  Explaining that it would serve “no purpose” to repeat the lower court’s discussion, the Supreme Court adopted the intermediate court’s “well reasoned opinion . . . as the proper statement of the issue and the applicable law concerning that issue.”   

About The Author
Posted in Data Breach, Litigation, Privacy

Leave a Reply

Your email address will not be published. Required fields are marked *


About Cyber Law Monitor
In the new digital world, individuals and businesses are almost entirely dependent on computer technology and electronic communications to function on a daily basis. Although the power of modern technology is a source of opportunity and inspiration—it also poses huge challenges, from protecting privacy and securing proprietary data to adhering to fast-changing statutory and regulatory requirements. The Cyber Law Monitor blog covers privacy, data security, technology, and cyber space. It tracks major legal and policy developments and provides analysis of current events.
Subscribe For Updates


Cozen O’Connor Blogs