Statutory damages for alleged breaches of privacy statutes can be covered by insurance
Don't be misled, recent court decisions have gone against insurer arguments that statute damages are not insured under public policy.
October 02, 2013 at 05:00 AM
5 minute read
The original version of this story was published on Law.com
The protection of consumer privacy interests is at the forefront of public awareness and state and federal regulation, causing the potential for increased exposure to companies for alleged breaches of privacy statutes. With the ever-evolving risk that advances in technology will lead to interferences with consumer privacy interests, governmental entities seem poised to not only enact more laws and regulations to protect consumer privacy, but encourage strict enforcement of the laws already in existence. For example, on Sept. 23, 2013, modifications to the Health Insurance Portability and Accountability Act will become effective that expand the protections afforded to private patient information and increase liabilities associated with claimed breaches. Additionally, statutes such as the Song Beverly Act in California and cases interpreting them have led to upticks in class action litigation by consumers claiming improprieties by retailers with respect to the collection and use of customer zip code information. And a number of state's attorney generals are increasing regulation to address these privacy concerns.
While not all privacy statutes permit a private right of action, many do and often impose a specific damage amount, per violation, which, under certain statutes, can be trebled under certain circumstances. As a result, if the conduct in question involved thousands if not hundreds of thousands of claimed violations, the potential statutory exposure can be significant. In that circumstance, insurance can be a critical resource to help a company respond to claims against it and the risk of substantial “per violation” liability.
Regardless, insurers often will seek to avoid exposure by claiming that the policyholder's liability does not involve covered “damages.” A popular insurer argument is that the alleged privacy statute violation involves an uncovered statutory “fine” or “penalty.” Policyholders should reject such insurer arguments, even where the statute at issue expressly refers to the amount to be paid as a fine or penalty. In fact, the insurer argument is too simplistic. The question is not the words used in the statute to describe what the policyholder must pay but instead the nature of the liability.
Privacy (and other) statutes often will include a fixed amount that must be paid per violation. Insurers will argue that that fact means that the statute is imposing a fine/penalty. However, in many instances it is difficult to assign a specific monetary value resulting from a claimed violation. The statute thus creates a form of a liquidated damage to facilitate statutory enforcement. Liquidated damages are just that “damages,” which traditionally are covered by insurance. If the statutory amount is compensatory, rather than penal in nature, then companies should argue for coverage for these compensatory damages.
Recent court decisions have adopted this approach and should be cited by policyholders to counter coverage denials. For example, in May 2013, the Illinois Supreme Court in Standard Mutual Insurance Co. v. Lay rejected an insurer argument that the statutory damages set forth in the Telephone Consumer Protection Act were punitive and uninsurable under public policy. In finding the statutory damages remedial in nature, the court stated the TCPA is “clearly within the class of remedial statutes which are designed to grant remedies for the protection of rights, introduce regulation conducive to the public good, or cure public evils.” The court noted that Congress identified certain harms caused by a breach of the TCPA (“loss of paper and ink, annoyance and inconvenience”) and made them compensable by a liquidated sum per violation. The court further found that these liquidated damages were intended by Congress to be “an incentive for private parties to enforce the statute.” The court therefore concluded in favor of coverage based upon its statement that regardless of whether the statutory damages were viewed as a sum for actual harm or an incentive for aggrieved parties to enforce the statute, or both, the “fixed amount clearly serves more than purely punitive or deterrent goals.”
In August, the Supreme Court of Missouri in Columbia Casualty Co. v. HIAR Holdings, L.L.C. reached a similar conclusion, finding that fixed TCPA damages encompassed compensable harms and, therefore, were covered “damages.”
Considering this recent case law, and the compensatory nature of the financial exposure created by many privacy statutes, policyholders should actively pursue coverage for any potential award of statutory damages for violation of a consumer privacy law. In addition, they should be aware of this issue when purchasing privacy coverage. Some privacy policy forms include express exclusions for statutory fines, penalties or damages. Such exclusions are overly broad, given that courts are increasingly finding in favor of coverage when the amount owed under the privacy statute reflects a liquidated damage for a breach that is otherwise difficult to quantify. Thus, policyholders should seek to negotiate to narrow the language of the exclusion to comport with these recent decisions.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Coinbase Hit With Antitrust Suit That Seeks to Change How Crypto Exchanges Operate
3 minute read
Baker Botts' Biopharma Client Sues Former In-House Attorney, Others Alleging Extortion Scheme
Trending Stories
- 1'Largest Retail Data Breach in History'? Hot Topic and Affiliated Brands Sued for Alleged Failure to Prevent Data Breach Linked to Snowflake Software
- 2Former President of New York State Bar, and the New York Bar Foundation, Dies As He Entered 70th Year as Attorney
- 3Legal Advocates in Uproar Upon Release of Footage Showing CO's Beat Black Inmate Before His Death
- 4Longtime Baker & Hostetler Partner, Former White House Counsel David Rivkin Dies at 68
- 5Court System Seeks Public Comment on E-Filing for Annual Report
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
