The Ten Minute #SocialMedia Insurance Coverage Primer
By: Olivera Medenica
Originally Given as part of a lecture to the New York State Bar Association on
Friday, May 20, 2011
This outline was provided to the at the New York State Bar Association as a primer for lawyers not familiar with e-commerce and social media liabilities that often require certain best practices and special insurances to address. While the outline cannot provide as much information as the lecture it accompanied, it can provide a quick intro for practitioners looking to better understand insurance coverage for their clients.
· Section I addresses common insurance coverage and internet/social media risks with illustrative cases.
· Section II addresses personal injury and advertising injury liability coverage with illustrative cases.
· Section III provides a brief intro into the new E-Commerce and Cyber-Risk insurance policies that are designed to fill the Internet and Social Media liability coverage void.
· Section IV provides a brief intro into what liabilities Errors and Omissions insurance policies can guard against.
I. Internet Risks and Insurance Generally
a. The rise of e-commerce and infiltration of social media in the business context has exposed many companies to a broad range of potential risks and liabilities.
b. Standard form property and casualty insurance policies issued to e-commerce businesses have gaps in coverage that increase the risk that coverage will be denied when an Internet-related claim is made.
c. These standard forms are meant to cover a policy holder’s direct physical loss or damage to covered property, and similar liability to third parties.
B. Commercial General Liability Insurance (“CGL”)
a. A CGL policy provides coverage for losses to the insured’s property and losses to third parties arising out of the insured business’ operations.
b. There are, however, numerous exceptions designed to limit the insurer’s exposure, particularly to third parties.
c. Typically, the standard-form CGL policy contains a minimum of 15 exclusions. See, e.g., Ins. Servs. Office, Inc., Commercial General Liability Coverage Form, CG 00 02 10 01 (2000).
d. In order to fill gaps in their CGL policies, insureds must purchase coverage endorsements to the CGL or specialty policies.
C. “Physical” Loss or Damage
a. The trigger for coverage under CGL policies is “physical loss.”
b. Internet-related risks often involve non-physical events, and therefore coverage under a standard form CGL policy may be denied.
c. In the context of the internet, a physical event (i.e. damaged hardware) may cause a minor physical loss but a substantial loss in terms of lost data, revenue and profits, as well as exposure from leaked confidential information.
d. Examples of items not clearly covered by CGL policies include protection from viruses, defamation, hackers, copyright and trademark infringement.
e. Insurers have therefore stepped in to provide products that fill the gaps between a standard CGL policy and the risks typically associated with e-commerce.
D. Examples of Cases Addressing “Physical Damage”
a. American Guarantee & Liability Ins. Co. v. Ingram Micro Inc., 2000 U.S. Dist. LEXIS 7299 (D. Ariz. April 18, 2000): Ingram’s data center had experienced a power outage which resulted in its computer ordering system and business operations to ground to a halt for 6 hours. Ingram sought coverage; and American denied it because of the perceived lack of physical damage. The court held that “ ‘physical damage’ is not restricted to the physical destruction or harm of computer circuitry but includes loss of access, loss of use, and loss of functionality.”
b. America Online, Inc. v. St. Paul Mercury Insurance Company, 347 F.3d 89 (4th Cir. 2003): AOL released an upgrade, AOL 5.0, during the policy term which ultimately caused substantial damage to end users’ computer systems. A number of class action lawsuits were filed against AOL. The court held that while damage to physical components of a computer caused by defective software would be covered, there would be no coverage for the loss of instructions, data or information because they are abstract and intangible. Whatever damage was incurred could be resolved by recoding and reinstalling the operating systems and application software.
E. Changes to Standard Form Because of AOL Case
a. The AOL case, as well as subsequent cases following the AOL case, led to changes by the ISO to its standard CGL form making it clear that data is not “tangible property” for purposes of coverage.
b. New standard insurance forms explicitly reject the notion that electronic data is property.
c. The definition of “property damage” as amended in 2001 states: “For the purposes of this insurance, electronic data is not tangible property. As used in this definition, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and application software, hard or floppy disks, CD-ROMS, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment.” See Ins. Servs. Office, Inc., Commercial General Liability Coverage Form, §V (17)(b).
d. Because of this new definition, large insurance companies offer specialized insurance such as e-business and/or cyber-risk insurance policies.
II. Personal & Advertising Injury Coverage Generally
A. “Personal Injury”
a. The standard commercial general liability policy provides coverage for “personal injury” caused by an offense arising out of the insured’s business, excluding advertising, publishing, broadcasting or telecasting done by or for the insured.
b. “Personal injury” is an injury, other than bodily injury, arising out of certain enumerated offenses including:
1. False arrest, detention or imprisonment;
2. Malicious prosecution;
3. Wrongful eviction from, wrongful entry into, or invasion of the right of private occupancy of a room, dwelling or premises that a person occupies by or on behalf of its owner, and lord or lessor;
4. Oral or written publication of material that slanders or libels a person or organization or disparages a person’s or organization’s goods, products, or services; or
5. Oral or written publication of material that violates a person’s right of privacy.
c. Personal injury coverage is triggered by the commission of the offense, not the injury or damage suffered.
d. A commercial general liability policy will therefore provide personal injury coverage for an offense committed during the term of the policy, even if the injury occurs after the subject policy expires.
e. Offenses arising out of advertising, publishing, broadcasting or telecasting done by or for the insured are specifically excluded within the body of the insuring agreement itself. Pursuant to this provision, injury arising from the insured’s business activities or functions which can be characterized as advertising, publishing, broadcasting, or telecasting will not be covered. See Schiff v. Federal Insurance Co., 779 F. Supp. 17, 21 (S.D.N.Y. 1991).
B. “Advertising Injury”
a. The standard commercial general liability policy provides coverage for “advertising injury” caused by an offense committed in the course of advertising the insured’s goods, products or services.
b. “Advertising injury” is defined as injury arising out of certain enumerated offenses, including:
1. Oral or written publication of material that slanders or libels a person or organization or disparages a person’s or organization’s goods, products, or services;
2. Oral or written publication of material that violates a person’s right of privacy;
3. Misappropriation of advertising ideas or style of doing business; or
4. Infringement of copyright, title, or slogan.
c. The term “advertising” generally means widespread promotional activities usually directed at the public at large.
d. A minority of courts, however, interprets advertising as also including any activity that promotes an insured’s business or product – whether widespread activity or merely one-on-one personal solicitation. See Kirk King, King Cons., Inc. v. Continental W. Ins. Co., 123 S.W.3d 259, 265 (Mo. Ct. App. 2003); Amazon.com Int’l, Inc. v. American Dynasty Surplus Lines Ins. Co., 120 Wash. App. 610, 617, 85 P.3d 974, 977 (2004), review denied, 152 Wash.2d 1030, 103 P.3d 200 (Wash. 2004).
e. Courts are more likely to interpret the term advertising broadly if it is being employed in connection with an insuring provision versus an exclusion, and provisions excluding coverage for advertising injury. See Berman v. Gen. Accident Ins. Co., 176 Misc.2d 13, 19, 671 N.Y.S.2d 619, 623 (1998).
C. Personal and Advertising Coverage and the Internet
a. Liability risks arising out of a policyholder’s advertising activities and Internet presence include claims of libel, slander, defamation, violation of privacy rights, misappropriation of advertising ideas, and copyright violations.
b. Although CGL policies generally include personal and advertising injury, these policies contain a number of exclusions in the personal and advertising injury liability section.
c. Media and Internet related businesses are specifically excluded from coverage. See Ins. Servs. Office, Inc., Commercial General Liability Coverage Form, CGGL1, CG 00 01 12 04, Section 1B2(j).
d. Furthermore, personal and advertising injury committed by “an insured whose business is: advertising, broadcasting, publishing or telecasting; designing or determining content or websites for others; or an internet search, access, content or service provider” is excluded under the standard CGL policy. For purposes of this exclusion, however, the placing of frames, borders or links, or advertising, for the policyholder or others on the Internet, is not, by itself, considered the business of advertising, broadcasting, publishing or telecasting.
e. Another enumerated exception is for personal and advertising injury that arises “out of an electronic chatroom or bulletin board the insured hosts, owns, or over which the insured exercises control” is excluded from coverage.
III.New Insurance Policies – E-Commerce and Cyber-Risk
A. As a result of these gaps, insurers have come up with new insurance policies geared towards e-commerce and the Internet.
B. A typical e-commerce policy might include the following clauses:
a. First party coverage:
1. Information assets: Actual losses sustained by the insured as a result of a failure of its security system.
2. Cyber-extortion: Threat or connected series of threats to commit an intentional computer attached against the insured.
3. Business interruption: Lost profits and expenses resulting from damage to the insured’s computer network caused by a breach in security.
4. Crisis management: Cost of hiring a public relations, crisis management, or law firm to restore the confidence of the insured’s customers and investors in the security of the insured’s computer system, following a breach in security.
b. Third party coverage:
1. Display of Internet media: Display of any media, including advertisements, on the insured’s website; claims for slander and defamation, copyright infringement, domain name misappropriation, trademark infringement, improper deep-linking or framing, and other items.
2. Providing professional services: Claims for negligence related to a number of Internet professional services (application service providers, domain name registration services, e-commerce transaction services, Internet hosting services, Internet service providers, search engine services, and other Internet related services).
3. Breaches of security: Insured’s damages as a result of breaches of insured’s computer security.
1. Losses from a certified act of terrorism
2. Intentional torts and employee violations of computer network security
3. Physical damage to the computer network caused by traditional perils such as fire, earthquake, wind and water.
C. Other insurance products can go further and protect:
a. Patent infringement
b. Other risks in certain specific Internet businesses (i.e. internet publishing, website hosting, etc.)
IV.Errors and Omissions Insurance
A. E&O insurance provides coverage for damages resulting from negligence, omissions, mistakes and errors made by the insured.
B. Typical companies that might have E&O exposure include companies that deal in computers, computer equipment and software.
C. Example: Web site designer/programmer where the client sustains damages on its computer network as a result of mistake by designer/programmer.
D. Examples of exposures: service outages and interruptions; faulty technical support; faulty security measures; release of confidential information; designing, constructing or maintaining an Internet site; maintenance of chat rooms or bulletin boards; and faulty software.
E. For Internet/E-Commerce businesses, a typical E&O policy might result in a dispute as to the scope of coverage. It is therefore advisable to discuss with insurance broker as to the scope of applicable coverage.
- Compliance for Developers of Medical Applications and Software under HIPAA and Other Regulations
- Breakdown and Basics of a Non-Disclosure Agreement
- CLIENT ALERT: Ban on General Solicitation and Advertising for Private Offerings Lifted
- Intellectual Property Considerations for Crowdfunding
- Breakdown and Summary of Literary Option Agreement
- When forming a new venture to be conducted thro...
- When forming a new venture to be conducted thro...
- With the speculative, costly and long-term natu...
- By: Kaiser Wahab Non-Disclosure Agreements (“ND...
- By: Kaiser Wahab and Susanna Guffey Information...