The Connecticut Supreme Court on Monday affirmed the lower courts' decisions in Recall Total Information Management, Inc. v. Federal Ins. Co., a case on which we have previously commented. Agreeing with the courts below, the high court held that there was no coverage under the insured's CGL policy for costs incurred by the insured in connection with the loss of computer tapes containing IBM employees' personally identifiable information. The tapes had fallen out of a van and were retrieved by an unknown individual, but there was no evidence that that individual, or anyone else, had actually accessed the information on the tapes or that their loss caused injury to any IBM employee. The court held that these facts did not trigger the CGL policy's coverage for injury caused by "electronic, oral, written or other publication of material that . . . violates a person's right of privacy."
As we previously observed, the facts of this case are unique, and there continues to be precious little judicial guidance on insurance coverage for the more common types of cyber liabilities, such as data breaches, in which the sensitive and confidential information of customers, employees, or others is illegally accessed. Nor is there much case law construing so-called "cyber" policies, specialized insurance that covers such liabilities. Coverage for cyber risk under both traditional and specialized policies remains relatively uncharted territory.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
