If a Data Breach Occurs and Nobody Accesses Customer Data, Does it Constitute "Publication"?
Time 2 Minute Read

As reported on the Hunton Insurance Recovery Blog, data breach claims involving customer data can present an ever-increasing risk for companies across all industries. A recent case illustrates efforts to recover the costs associated with such claims. A panel of the Fourth Circuit confirmed that general liability policies can afford coverage for cyber-related liabilities, and ruled that an insurer had to pay attorneys’ fees to defend the policyholder in class action litigation in Travelers Indemnity Company v. Portal Healthcare Solutions, No. 14-1944. Syed Ahmad, a partner in the Hunton & Williams LLP insurance practice, was quoted in a Law360 article concerning the importance of this decision.

In the Portal case, the specific issue was whether the mere online availability of sensitive information constitutes “publication” for purposes of triggering an insurance policy’s personal or advertising injury coverage and its corresponding duty to defend. The appellate court ruled it does and adopted the district court’s reasoning that “[p]ublication occurs when information is ‘placed before the public,’ not when a member of the public reads the information placed before it.” That the information may not have actually been accessed does not factor into whether the information was “published” for purposes of triggering coverage. Rather, the immediate accessibility to information and the broad reach of that material is itself sufficient to amount to the requisite publication.

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page