I gave a presentation last week to the New Jersey Institute for Continuing Legal Education on the topic of insurance coverage for cyberliability. (I know, I know, that and four bucks will get me a latte at Starbucks.) The dangers of  data breach are quite the hot topic lately (NSA, Snowden, Target, and on and on).  The FBI says, in fact, that cyberattacks are the gravest domestic threat we face, even more serious than violent terrorism.

And the scams never end. The FBI recently issued a new warning about an email scam aimed at US businesses. The scam works through a criminal getting in the middle of your email traffic. The fraudster intercepts legitimate emails, and then creates a fake email address that’s nearly identical to that of one of your frequent correspondents. You don’t notice the new (but fake) email in the exchange, and pretty soon, you’re communicating with a criminal without knowing it. At some point, the fraudster issues instructions for payment, usually by wire transfer, and the funds go offshore and are long gone. This seems too simple to work, but apparently, according to the FBI, very sophisticated businesspeople have been falling for it.

The insurance industry is selling various products to deal with cyberliability risks. In fact, as of this writing, there are about 30 cyberliability insurance programs on the market, but no standard form. As I noted in an earlier post, despite the grave threat, many businesses aren’t buying the coverage, even though it’s reasonably priced.  As an example of the potential financial consequences,  the average cost of remediation is $194 per record. When you consider that the recent breach at Target apparently struck over 120 million records, you can see that we’re not exactly talking about chump change. 

Some companies may believe that adequate coverage already exists under their crime or property policies. But under traditional coverage, you’re in for a fight, partly because of ISO’s data breach exclusions (and new ones are coming out in May 2014, aimed largely at removing coverage under the “invasion of privacy” provisions of Coverage B).

An example of a case that didn’t go so well for the policyholder is the recent Connecticut decision in Recall Total Information Management v. Federal Insurance. The fact pattern will leave you shaking your head.  IBM (you know, the gigantic computer company) hires a contractor to transport and store its electronic data media.  The contractor hires a subcontractor.  While the subcontractor’s van is rolling down the highway, the data tapes go rolling out the back door of the van.  That’s not good, because the tapes contain employment-related data, including social security numbers, for some 500,000 past and present IBM employees. Someone – no one knows who – picks up the tapes from the highway.  (By the way, here’s exclusive footage of the contractors transporting the tapes.)

IBM spends over $6 million fixing the problem.  The remediation measures include notification to potentially affected employees and the establishment of a call center to answer questions regarding the lost data. IBM also provides those persons affected by the loss with one year of credit monitoring to protect against identity theft.  (These are all items that would likely be covered under the new generation of cyberliability policies.)

IBM brings a claim against the contractor for the $6 million, and the contractor tenders the claim to its general liability carrier under Coverage B of its general liability coverage (personal injury/invasion of privacy). Federal denies coverage, and the denial is upheld by the Connecticut court.  Why? Because under the policy, “invasion of privacy” requires the “publication” of the data, and there’s no proof that anyone ever downloaded the information from the tapes.

The Court writes: “There is nothing in the record suggesting that the information on the tapes was ever accessed by anyone. A letter from IBM to the affected employees …stated: ‘We have no indication that the personal information on the missing tapes, which are not the type that can be read by a personal computer, has been accessed or has been used for any improper purpose.’  Moreover, because the parties stipulated that none of the IBM employees have suffered injury as a result of the tapes being lost, we are unable to infer that there has been a publication. As there is no genuine issue of material fact that there was publication, we agree with the trial court that the settlement … was not covered under the policy’s personal injury provision.”

Sometimes trying to fit a data breach issue into the traditional coverage is like trying to pound a square peg into a round hole.  Lesson: Do yourself a favor and talk with your broker about cyberliability coverage, if you haven’t already.

One of the celebrities we lost in 2013 was the novelist Tom Clancy. I wasn’t a Clancy devotee, but I have to admit that “Red Storm Rising” and “The Hunt for Red October” were excellent military thrillers. In “Red October,” the KGB officer on board the Russian submarine (Red October) thinks that, rather than surrendering to the Americans, the Captain (played by Sean Connery in the movie) is evacuating the crew and planning to scuttle the ship and go down to Davy Jones’ locker with it.  The KGB officer tells the Captain, “You’ll receive the Order of Lenin for this.” What the KGB officer doesn’t know, of course, is that the Captain is actually planning to defect and turn the sub over to the U.S. Navy.  There goes the Order of Lenin.

In the Russian Navy, I’m guessing that if you get caught trying to defect, the penalty involves a hanging rope or a firing squad. In American business, on the other hand, if you try to defect and get caught, the result is litigation. (Some people may argue that the latter is worse.) Here’s a question, though:  If executives leave a company and steal that company’s clients, do they potentially have insurance coverage for the resulting lawsuit by their former employer? The knee-jerk reaction, of course, is “no,” because a basic tenet of insurance law is that coverage doesn’t exist for intentionally caused harm. And, in fact, that’s what the Sixth Circuit held in a recent decision involving competing insurance brokerages. I’d like to delve into the coverage issue a bit more deeply in this post, however.

The Sixth Circuit case I refer to is Szura v. General Accident Ins. Co.  The fact pattern is familiar to anyone who deals with professional services organizations.  Szura and Mayfair are competing insurance brokerages.  A broker, Doug Charon, leaves Mayfair to go to Szura.  Charon then contacts Mayfair’s clients to sell them insurance products.  Mayfair sues, alleging breach of a noncompete.  One of the counts in the complaint is for “tortious interference with business relationship.”

Szura tenders the lawsuit to its E&O carrier,  General Insurance. General denies the claim.

The E&O policy contains the familiar language providing coverage for liability arising from wrongful acts performed in the course of providing “professional services.”  “Professional Services” are essentially defined to include services performed for others in the policyholder’s capacity as an insurance agent. “Wrongful Act” means “any actual or alleged negligent act, error or omission, Personal Injury, or Advertising Injury.”  The policy excludes coverage for “any claim . . . arising out of any dishonest, fraudulent, criminal, or malicious act, error, or omission or acts of a knowingly wrongful nature committed by or at the direction of any insured.”

So, regardless of whether tortious interference is deemed a “wrongful act performed in the course of providing professional services,” the E&O policy excludes coverage for acts of “a knowingly wrongful nature.” End of story, right? So held the Sixth Circuit, writing:  “The Errors and Omissions Policy committed General Insurance to defend Szura against certain negligence claims; Mayfair’s suit against Szura alleged intentional torts rather than negligence; and General Insurance therefore had no duty to defend Szura in the Mayfair litigation.”

The decision gets interesting, though, when the Court writes this:  “Szura argues that General Insurance had a duty to defend Szura against intentional misconduct as well as negligent acts, errors, and omissions because the ‘Exclusions’ section of the Errors and Omissions Policy states: ‘We will defend the insured against such claim unless or until the dishonest, fraudulent, criminal, malicious or knowingly wrongful act has been determined by any trial verdict, court ruling, regulatory ruling or legal admission, whether appealed or not.’ Szura misunderstands the effect of this exclusion. Exclusions limit the scope of coverage; an exclusion cannot expand the scope of coverage beyond that provided in the insuring agreement.” 

The argument that “exclusions cannot create coverage” is a favorite of the insurance defense bar (see the current battles going on in the construction defect coverage world, over the “your work” exclusion). If we examine the language closely, however, we can see that the exclusion in Szura is not being used to “create” coverage. Coverage exists until a knowingly wrongful act has been proven. That’s what the policy says.

Is it possible to interfere with someone’s prospective economic advantage negligently? Suppose, for example, Charon had contacted Mayfair’s clients without knowing that they were Mayfair’s clients? Or, suppose Mayfair’s clients had contacted him, without having been solicited?

California, for one, specifically recognizes a tort of negligent interference with contractual relations, and has a model jury charge on that topic, which you can read here.  The gist of the cause of action is that the defendant should have known of a relationship that probably would have resulted in a future economic benefit to the plaintiff, and failed to act with reasonable care. And in People Express Airlines v. Consolidated Rail Corp., 100 N.J. 246, 495 A.2d 107 (1985), the New Jersey Supreme Court wrote as follows at Note 4:  “The notion that the defendant must have breached a duty independent of the negligent interference with economic expectations assumes that the defendant’s negligence–fortuitously resulting only in economic losses–is not a tort. Whether the law recognizes the injury as compensable is a matter of policy; but clearly an ‘independent’ tort has been committed, and no parasitic relationship with another tort should be required before determining whether the injury is compensable. Further, the rule-of-damages rationale does not explain why the application of concepts of duty and proximate cause, which serve negligence well in cases where the plaintiff is physically harmed, cannot function equally well in cases in which there has been no physical harm.”

What happens in many insurance coverage cases is natural and understandable. A judge (being a human being) sees that someone has done something that the judge considers to have been wrong or malicious. The judge, consciously or unconsciously, does not want the wrongdoer to avoid punishment by accessing insurance coverage. So, while the defense bar often refers to results-driven decisions, that knife cuts both ways. I think it’s important to remember that policyholders generally do not buy insurance for commercial advantage; instead, they buy it to protect themselves against catastrophic loss. Under the language of the policy, unless and until the carrier proves knowingly malicious conduct, coverage should exist.  (Unfortunately, though, I’m not wearing a black robe.)

You can read the full Szura decision by clicking here.

There’s an old story about famous Greek orators. When Demosthenes would speak, the people would say, “My, what a pretty speech!”  But when Cato would speak, the people would say, “On to Carthage.”  That’s because Cato was a one-issue guy (“Carthage must be destroyed”), and was excellent at convincing his listeners of the need for immediate action.

My first boss was kind of like that, except, instead of “Carthage must be destroyed,” he would say, “Occurrence is ambiguous.”  No matter what insurance issue was presented, the answer was always the same: “Occurrence is ambiguous.”  And, in many contexts, he was correct. Think, for example, about how many millions of dollars in legal fees were spent arguing over whether the terrorist attack on the World Trade Center was one occurrence for insurance purposes, or two.  (The answer to that question was not even the same across policy forms.)

An interesting issue along these lines recently came up in federal court in California.  Moon Marine (USA) is an importer and distributor of canned tuna.  Unfortunately, consumers who bought the tuna got more than they bargained for in terms of what was in the cans, and ended up with salmonella poisoning. Moon Marine recalled the tuna, and filed a claim with its general liability carrier. The policy had a $1M per occurrence limit with a $2M aggregate. The carrier, General Insurance Company of America, argued that the 25 underlying claims for salmonella poisoning were a single “occurrence” under the insurance policy, and that the policyholder’s recovery was therefore confined to the single occurrence limit of $1M.  According to General, Moon Marine’s liability arose from a single cause – the importation and placing into distribution of contaminated tuna from a single supplier in India.

Moon Marine, on the other hand, argued that each claimant’s injurious exposure to salmonella was itself a separate occurrence.  Moon Marine also argued, alternatively, that the underlying cause of the salmonella outbreak remained unknown, and that a factual dispute remained as to whether there was a single cause, or multiple causes representing independent occurrences.

The factual background of the contamination was, well, disgusting. The FDA inspected the processing facility in India, and found multiple possible sources of contamination. The FDA noted, for example: “Tanks used for the storage of process waters have apparent visible debris, filth, and microbiological contamination…Apparent bird feces were observed on the ice manufacturing equipment at [the facility]; insects and filth were observed in and on the equipment…Some of the floor and wall tiles in the tuna processing area are broken and cracked, not allowing for proper cleaning. After cleaning, the ceiling directly above the in-process tuna line was observed to have visible product residue. After cleaning, product residue and rust were observed on knives and utensil storage boxes. These knives were used to cut raw tuna.”  (Hungry yet?)

Faced with this record, the Court framed the issue as follows: “The question is whether… Distributors measure the number of occurrences by the number of proximate causes of the harm, or whether their distribution merges all proximate causes into one.” The Court noted that “in the majority of jurisdictions, the number of occurrences is determined by the number of proximate causes rather than the number of individual injuries.”

In the end, the Court punted, writing as follows: “In order to decide what the occurrence is in this action, we need to trace the accused products back to the original source to determine the nature of the specific defect, recognizing that according to the FDA multiple strains of salmonella might have been at work. This might be accomplished by tracing the defect to multiple batches to see if one particular strain was at fault.”  The case of the disgusting tuna continues.

And so, once again, my boss was right:  Occurrence is ambiguous.

As the weeks following Sandy have stretched into months, and the months are beginning to stretch into years, businesses and homeowners with unresolved claims have been asking me whether it’s worthwhile to complain about their carrier to the New Jersey Department of Banking and Insurance (“DOBI”).  Truth be told, it’s a complete waste of time. In the few instances that I’ve filed complaints with DOBI because of egregious delays or obvious misinterpretation of policy provisions (in one instance, the carrier contended that my client’s policy had been canceled, and I submitted proof that it hadn’t), the response essentially has always been the same: “This is a private contract matter, and the Department will not get involved.”  Worse, the recalcitrant carrier sometimes tries to use DOBI’s refusal to investigate as evidence of its good faith.

This week, I attended a business conference at which the Commissioner of DOBI, Ken Kobylowski, spoke.  I don’t know Mr. Kobylowski personally, although I’ve heard him give presentations on several occasions. He seems like a cordial and intelligent person. An industry watchdog, however, he is not. In fact, I heard him at another business conference soon after Sandy, and he said: “The Department won’t rewrite policies to provide coverage,” I don’t know exactly what that means, but it sounds suspiciously like:  “The Department will always accept the carrier’s coverage decision.” 

Here are my observations about just a few of the comments the Commissioner made in his most recent speech.

Mr. Kobylowski discussed the Sandy mediation program, and said that he was happy with its “success rate” of (supposedly) 70%, but was disappointed that only 700 policyholders had participated in the program. (According to Mr. Kobylowski, New Jersey policyholders have filed 465,000 Sandy-related claims, which means that we have a robust participation rate in the mediation program of .15% – that’s point-one-five percent.) When I was in law school, I would often stay up late at night arguing with my good friend Ronny Sendukas, now a lawyer in California, over politics, sports, and just about anything else you might think of. Ronny once said to me that there are three categories of information in the world: lies, damn lies, and statistics. (He actually used a stronger word then “damn,” but you get the point.) Along these lines, to say that the Sandy mediation program has had a success rate of 70% depends on how you define “success.” Carriers generally show up at the mediation with a lowball offer, and the policyholder, faced with the unattractive alternative of expensive and time-consuming litigation, sometimes takes the money and moves on. In government-speak, I guess that’s “success.”

Mr. Kobylowski also said that the insurance industry has done a “terrific job” with Sandy, which, according to him, was “mostly a flood event,” which is the reason that the average claim payout has only been $6000 (since flood is generally not a covered peril under commercial and homeowners’ policies). He said that out of 40,000 commercial property claims filed in New Jersey, 94% of them have been closed; and, of 14,000 business interruption claims filed, 97% have been closed.

Now wait just a minute, here. The idea that Sandy was “primarily a flood event” for insurance purposes was inflicted upon the public by homeowners’ and business insurance companies immediately following the loss. The carriers knew that flood damage was not covered and that most policyholders, dazed by the magnitude of the damage and inexperienced in insurance, would believe the rhetoric. I know from first-hand experience that carriers denied claims on the Barrier Islands on the ground that they were flood-related, without even sending adjusters onto the island to inspect the damage.

Carriers also assign “forensic engineers,” most of whom derive a significant amount of business from the insurance industry, to prepare reports to substantiate the fact that damage was caused by flood, and not wind (which usually would be covered). In reading the reports, I’m generally impressed with these engineers’ divination ability, since no scientific testing is cited, and the engineers base their conclusions mainly on their finely-honed skills of subjective observation.  To support their position, they usually include lots of colorful photos of what’s left of the house or building, construing the term “weight of the evidence” literally.  

The problem for policyholders is that obtaining a detailed engineering report to contradict the superficial reports proffered by the insurance companies can be expensive. (I’ll tell you this:  A good engineer who looks at the issue objectively – and I know several – often can present significant and powerful evidence of wind damage. The wind gusts on the New Jersey coast, after all, approached or exceeded 100 miles an hour, which is enough to ruin your whole day.)

At the end of his talk, Mr. Kobylowski said to the businesspeople in attendance, most of whom were insurance executives: “You’re doing such a good job you make my job easy.”

So:  Should you complain to DOBI about your carrier dragging its feet?  If you do, the response will likely go something like this.

I once heard a veteran of the complex commercial litigation wars describe the process as follows. “Each side hires an expert,” he said, “and the preponderance of perjury prevails.”

A cynical – if funny and unfortunately too-often-accurate – view.  Recognizing that expert witnesses are, in essence, paid advocates, the Supreme Court formulated the Daubert and Kumho Tire “gatekeeping” tests awhile back to try to keep some integrity in the process of expert testimony.  In insurance coverage, one area where we frequently deal with experts is business interruption. Business interruption is best thought of as “but for” insurance. That is to say, “but for” the incident, the policyholder would have made X dollars in revenue during the period of restoration, which represents the covered BI loss. By its very nature, this problem requires projections of anticipated revenue and expenses, and comparison of such projections to actual past experience. Being an inexact science, there’s much opportunity for mischief on both sides.

In Manpower, Inc. v. Insurance Company of the State of Pennsylvania, the Seventh Circuit recently dealt with a case in which the trial judge struck the policyholder’s damages testimony as to business interruption, and then entered summary judgment in favor of the carrier because, without an expert, the policyholder had no way of proving its loss. The case dealt with a building collapse that left Manpower’s French subsidiary unable to access office space in Paris for more than a year.

Manpower’s accounting expert, Eric Sullivan, opined that the total loss for business interruption and extra expense was €7,503,576, including an estimated business interruption loss of €5,125,830. Sullivan used an estimated growth rate of 7.76% to project total revenues. He did that by comparing the total revenues from January to May 2006 – the five month period preceding the collapse – to total revenues earned in the same five-month period in the year 2005.

The insurance company argued that Sullivan’s chosen growth rate didn’t accurately represent Manpower’s historical performance, which included a negative average annual growth rate of 4.79% during the period of 2003 to 2009, and a 3.8% growth rate for the period January 2005 to May 2006. Sullivan explained that, although he reviewed economic data going back to 2003, he used a shorter period from which to extrapolate the growth rate because (according to Manpower’s management) a recent corporate acquisition, the enactment of new corporate policies, and the installation of new managers had turned the company around by the end of 2005.

The trial court agreed with the insurance company, finding Sullivan’s methodology to have been “unreliable” under Daubert and Kumho Tire, and therefore striking it – but the appeals court reversed on that issue. 

Finding that the trial court had misinterpreted its role as “gatekeeper” of potential expert evidence, and instead improperly inserted itself as “decider” of that evidence, the appeals panel wrote as follows:

“Sullivan consulted the policy to ascertain the methodology for calculating the business interruption loss, and the district court expressly concluded that his equation was consistent with the policy’s mandate. And in selecting the first variable—[the policyholder’s] projected revenue if the collapse had not occurred—Sullivan utilized growth-rate extrapolation, which the district court determined was sound…Having drawn those conclusions, the district court’s assessment of the reliability of the methodology ought to have ceased…Instead, the district court drilled down to a third level in order to assess the quality of the data inputs Sullivan selected in employing the growth rate extrapolation methodology…The district court thought Sullivan should have selected different data, covering a longer period, as the base for his projection, but the selection of data inputs to employ in a model is a question separate from the reliability of the methodology reflected in the model itself [and is a matter for the jury].” (Emphasis supplied.)

A few observations about this: 

First, business interruption claims are inherently scary for policyholder counsel, because they usually turn upon a single point of failure (which is something I never want to have in a trial if I can help it) – namely, the soundness of expert testimony. Without accounting and financial projections, it’s difficult if not impossible to prove a BI case. It’s advisable, therefore, to tell your expert to be as conservative as possible.

Second, insurance companies are forever trying to avoid BI losses on the ground that projections of future earnings are “speculative,” as the carrier did here.  (We have one BI case in the office, for example, involving a fire, in which the carrier is insisting that we identify customers who didn’t buy from our client during the period of restoration. This, of course, is absurd. By analogy, if a supermarket burned down, could the carrier legitimately ask what customers failed to buy groceries there during the period of restoration?) Sullivan had a reasonable explanation for why he used a relatively short period of time upon which to base his data projections – namely, changes in the company had positioned it for better growth. Insurance companies hate that sort of thing, but under the language of Daubert and Kumho Tire, the appeals court correctly decided that the credibility of the data was an issue for the jury.

Finally, I note that even though the policyholder won the damages argument (at least for now), it lost the war based on an “other insurance” issue (at least for now) – namely, that a “local” French policy with lower limits had to be exhausted before the master policy could be tapped anyway.

You can read the complete decision here

With the one-year anniversary of Sandy just having passed, many policyholders are asking how long they have to sue their carrier. Be careful. Many insurance policies contain limitations periods that shorten the general six-year statute of limitations for breach of contract in New Jersey. Such provisions are enforceable both in New Jersey and in New York. Contractual limitation periods may be tolled during the investigation of a claim by a carrier, but the limitation period begins to run again once the investigation is complete and the carrier has apprised the policyholder of its full and final determination of the claim. Peloso v. Hartford Ins. Co., 56 N.J 514, 267 A.2d 498 (1970). 

If you’re a Rolling Stones fan, you may remember the (underrated) 1974 song, “Fingerprint File.”  (You can hear it by clicking here…“Listenin’ to me/On your satellite.”)  Who knew that, four decades ago, Mick and Keith could be so prescient about cybersnooping and leaks of sensitive data?  Edward Snowden, Bradley Manning, NSA, Nigerian scammers…even British schoolboys are now getting in on the “data breach” act!  The annualized cost of cybercrime incurred by a benchmark sample of US organizations was $11.56 million over the past year, representing a 78% increase since the initial study was conducted four years ago. The time it takes to resolve a cyberattack has increased by nearly 130% during the same time period, with the average cost incurred to resolve a single attack totaling more than $1 million. The average time spent to resolve a cyberattack was 32 days.

All of this disturbing information raises the question: Why aren’t more companies buying insurance coverage specifically designed to deal with cybercrime? Part of the issue, at least with respect to smaller and middle-market companies, may be that the coverage is relatively cheap, meaning that retail brokers don’t have a terrific incentive to market it. So, with respect to companies with between $10 million and $25 million in annual revenue, only 6.9% have purchased cybercoverage, based on figures compiled by Advisen. Even big companies that generate more than $5 billion in revenue, however, have a relatively low participation rate in the cybercoverage market: 21.9%. With an SEC Guidance now requiring publicly traded companies disclose the insurance that they maintain to deal with cyberattacks, I’d imagine that the percentage of large companies buying such insurance will markedly increase, though.

In the interim, companies faced with cyberliability sometimes seek to enforce coverage under other policy forms. I previously wrote about one such case here.  A couple of weeks ago, a federal court in California issued a significant ruling finding coverage for a data breach under a commercial general liability policy.

The facts of the case, Hartford Casualty Insurance Company v. Corcino & Associates, will leave you wondering, “Did this stuff really happen?” Or, as my teenage daughter might type in a text: “SMH.”

Corcino is a business consultant to the health industry. Stanford Hospital apparently engaged Corcino to provide consulting services, and, as part of the engagement, gave Corcino access to private and sensitive medical information (including psychiatric information) for almost 20,000 patients of Stanford’s Emergency Department.  Corcino then inadvisably gave the information to an employment applicant, and asked him to perform certain tests with the data as part of a “test for employment suitability.” I’m guessing that the applicant failed the suitability test (at least in retrospect), because he promptly posted all of the confidential information on a public website called “Student of Fortune,” which is an online tutorial marketplace for students who need help with their homework.  The sensitive data remained there for a year, before one of Stanford’s patients found it and became justifiably upset.  This being America, class action litigation followed.

Hartford had sold a commercial general liability policy to Corcino containing the standard coverage for “personal and advertising injury” (otherwise known as “Coverage B”). The policy obligated Hartford to pay amounts that Corcino became “legally obligated to pay as damages because of… Electronic publication of material that violates a person’s right of privacy.” The policy, however, excluded coverage for personal and advertising injury “arising out of the violation of a person’s right to privacy created by any state or federal act.” An exception to the exclusion stated: “However, this exclusion does not apply to liability for damages that the insured would have in absence of such state or federal act.”

Hartford filed a lawsuit for declaratory relief that there was no coverage for the claim, on the ground that the unhappy patients had premised their lawsuit on statutes such as California’s Confidentiality of Medical Information Act.

It’s difficult to understand Hartford’s position, which seems to read the exception to the exclusion out of the policy. (Coverage lawyers with experience in the construction defect world may be familiar with the concept of reading exceptions out of exclusions, since insurance companies and some courts are fond of reading the “subcontractor exception” to the “your work” exclusion out of general liability policies.)

Unwarranted invasion of privacy is a tort irrespective of statutory law, and the Court here so held, writing: “Since at least 1931, California has recognized both a constitutional privacy right and a common-law tort cause of action for violations of the right to privacy… Although courts have expressly recognized a constitutional right of privacy with respect to medical records since at least 1979, medical records have been considered private and confidential for well over 100 years at common law.”  Hence, Corcino would have faced liability irrespective of any statutory law, and the exception to the exclusion allowed for coverage.

Hartford also argued that it only sought a ruling that no duty to indemnify existed for statutory penalties. The Court rejected that argument, holding that the statutes created “effective remedies for breaches of an individual’s right to medical privacy” (emphasis added),  meaning that the statutes allowed injured persons “to recover damages for breach of an established privacy right.”  The Court opined that “if Hartford had intended to include a specific distinction in its exclusion, it could have done so when drafting its Policy.”

If Hartford appeals this ruling, I’m guessing that the damages issue will be the focus of the appeal: namely, that the patients were claiming damages established by statutory law (not common law), which (Hartford will argue) should not be covered because of the “statutory cause of action” exclusion. I think that’s a distinction without a difference. As the New Jersey Supreme Court has held in an analogous context, “to allow the insurance company to construct a formal fortress of the third party’s pleadings and to retreat behind its walls, thereby successfully ignoring true but unpleaded facts within its knowledge that require it, under the insurance policy, to conduct the putative insured’s defense would not be fair.”   SL Industries, Inc. v. American Motorists Insurance Co., 128 N.J. 188, 199 (1992).  So, we’ll see.

You can read the full Hartford v. Corcino decision by clicking here.

Settling complex insurance claims involving multiple carriers can be like playing three-dimensional chess. (Since I can’t even play one-dimensional chess, that means it’s really difficult.) I once had a multimillion-dollar environmental insurance coverage settlement fall apart because one of the participating carriers would not assume an extra 1% of the coverage, despite (or perhaps because of) pressure from the other carriers in the case to do so. That was frustrating. Equally frustrating is when one carrier does the right thing and steps up to defend the policyholder, and the other carriers drag their heels on contributing an equitable amount.

Such was the scenario in the recent New Jersey Supreme Court case of Potomac Ins. Co. v. Pennsylvania Manufacturers’ Association Ins. Co.  This case involved the question of insurance coverage for construction defects.  The policyholder, Roland Aristone, Inc., was general contractor on a middle school construction project, and was sued by the township for faulty workmanship done by subcontractors.  Several insurance companies had sold policies to Aristone during the relevant period. One of them, OneBeacon, stepped up to fund part of the defense. (I know what you may be thinking. An insurance company willingly steps up to provide a defense in a construction defect case? It’s possible that Aristone’s policies contained the subcontractor exception to the “your work” exclusion. That’s not clear from the opinion.)

One of Aristone’s other carriers, PMA, refused to contribute to the defense, but did contribute to a settlement with the township on Aristone’s behalf (following an arbitration between Aristone and PMA). OneBeacon then sued PMA for a proportionate amount of defense costs. PMA essentially defended the OneBeacon suit on two separate grounds. First, that there was no right to contribution between coinsurers. Second, that (A) Aristone had given PMA a release, and (B) since OneBeacon could only make a claim against PMA to the extent that OneBeacon succeeded to Aristone’s rights, OneBeacon had no recourse.

The Supreme Court ruled against PMA. On the first question, the Court opined that New Jersey’s public policy favoring cost-effective resolution of disputes mandated in favor of finding a right of contribution between coinsurers. The Court wrote:  “Absent a right of contribution, a carrier that pays defense costs as they are incurred might alone bear a burden that should be shared. An inequitable allocation of the cost of defense, like an unfair allocation of the obligation to indemnify, may justify a judicial remedy.  Moreover, the governing principles upon which the Court relied in [the allocation decisions of Owens-Illinois, Inc. v. United Ins. Co., 138 N.J. 437 (1994) and Carter-Wallace, Inc. v. Admiral Ins. Co., 154 N.J. 312 (1998)]  warrant the recognition of a claim for allocation of defense costs…[P]ermitting such a claim creates a strong incentive for prompt and proactive involvement by all responsible carriers and promotes the efficient use of resources of insurers, litigants and the court. If a carrier anticipates that it will be responsible for a portion of the defense costs, it is more likely to invest in a vigorous defense. With the collective resources of a litigant’s insurers available at the early stages of a case, meritless claims can be challenged by motion and substantial claims can be more effectively defended.”

As I was reading this, I thought about how much simpler life was in the pre-Owens-Illinois, pre-Carter-Wallace era.  In those days, if multiple policies were triggered, the policyholder simply selected one of them to provide defense and indemnity, leaving the selected carrier a right over against the other carriers. The policyholder was protected, and the other carriers worked things out among themselves. In Owens-Illinois and Carter-Wallace, the Court determined that this “pick-and-choose” methodology was inequitable to the insurance company that was chosen in the initial instance. Now, with the Court’s new ruling in Potomac, I’m left wondering why.  If a right to contribution among carriers clearly exists, and if we’re concerned with the efficient administration of insurance dollars and judicial resources, doesn’t the old way make much more sense just from a cost standpoint? Then again, what do I know? 

On the second point – the release – the Court held that a release between a policyholder and a carrier does not necessarily extinguish a second carrier’s right to contribution, writing:  “The language of the release, in which OneBeacon played no role, does not provide support for the notion that OneBeacon intended to waive its right of contribution against PMA.  The release recites that ‘Aristone and PMA’ – and no other party – ‘wish to resolve fully and finally all aspects of the…dispute.’ Moreover, the definition of the releasing party, Aristone, does not purport to include OneBeacon, or any other entity providing insurance to Aristone for the [township’s] claim.”

Although ostensibly a dispute between insurance carriers, the Potomac case is important for policyholders because it contains potential pitfalls when settling multi-carrier claims. For one thing, you obviously need to be very careful about the terms of any release with Carrier A. If you give away Carrier B’s right to contribution, Carrier B may claim that any settlement with you by Carrier B must be reduced by a proportionate amount. In addition, the fact that a right to contribution exists might, in some circumstances, be used by a policyholder to create incentive for a particular carrier to settle, or even to assume a larger proportion of the underlying defense then it might otherwise be inclined to do.

By the way, the Potomac case is also of interest because it expressly recognizes that a “continuous trigger” can apply in construction defect claims.

You can read the full decision here.

When I started in this business (yikes, a long time ago), we used to argue with insurance companies a lot about scintillating issues like whether environmental cleanup costs constituted “damages” under CGL policies, and whether “sudden” meant “abrupt” for purposes of the pollution exclusion. In fact, many coverage lawyers have sent their kids to college based primarily on those two questions alone.

With most of those issues resolved by the New Jersey Supreme Court, nowadays we fight mostly about allocation of loss across policy periods. That’s because, in long-tail claims, insurance companies generally propose allocation schemes that tend to be fairly generous to their side. In environmental cases, for example, if a factory started operating in 1850, the carriers will try to run the allocation beginning in 1850 – with no consideration of when contamination actually occurred.  Not fair!  We as policyholder counsel then have to go out and hire hydrogeologists to figure out when the actual beginning point should be, on a factual basis.

Along these lines, the New Jersey Supreme Court resolved an interesting allocation issue this week that affects several of my firm’s clients.  (The case is Farmers Mut. Ins. Co. v. N.J. Property-Liability Guarantee Assn.) 

If you’ve handled, or been a party to, complex delayed-manifestation insurance claims in New Jersey (like asbestos or environmental claims), then you know that loss is allocated among policy years using the “pro-rata by limits” method set forth in Owens-Illinois, Inc. v. United Ins. Co., 138 N.J. 437 (1994) and Carter-Wallace, Inc. v. Admiral Ins. Co., 154 N.J. 312 (1998).  (Life was a lot easier when we used the joint-and-several, or “pick-and-choose” method, but who am I to question the wise rulings of the New Jersey Supreme Court?)

The New Jersey Property-Liability Insurance Guarantee Association, or “PLIGA” for short, is a statutorily-created entity that stands in the shoes of insolvent carriers when certain requirements are met. So, if you’re a policyholder and have a claim against a carrier that goes belly-up, you can submit the claim to PLIGA, which then stands in the shoes of the insolvent carrier up to a limit of $300,000.

What happens, though, to PLIGA’s policy years when a Carter-Wallace allocation needs to be done? By statute, PLIGA’s benefits cannot be tapped until the policy limits of all solvent carriers are first exhausted. Insurance companies have taken the position that, regardless of (or maybe because of) the statute, the insolvent policy years must be allocated to the policyholder.

No, say the Supremes. The Court first discussed the reasons why PLIGA exists: “Among the reasons that individuals and entities purchase insurance is protection from risks that might cause financial loss – even catastrophic loss. When insurance companies are rendered insolvent, insureds no longer have the protection for which they contracted and claimants no longer have a source from which to be made whole for their losses. [PLIGA exists] to mitigate the financial distress to insureds and claimants caused by an insurance company’s insolvency.”

With respect to insurance companies’ efforts to allocate insolvent policy years to the policyholder, the court wrote: “The PLIGA Act created the Guarantee Association as a means of providing benefits to insureds who, through no fault of their own, have lost coverage due to the insolvency of their carriers.  N.J.S.A. 17:30A-4 directs us to liberally construe the Act to achieve its purposes. One of those purposes is to minimize financial loss to claimants or policyholders because of the insolvency of an insurer. That aim would be defeated by making the insured bear the loss for the carrier’s insolvency before the insured received any statutory benefits from the Guarantee Association.”

As an added bonus, the Court cited Thomas Jefferson for the proposition that a court of equity “cannot interpose in any case against the express letter and intention of the legislature.”

Because insurance company arguments are like Rasputin – you can’t kill them – I’ll be interested to see what strategies the defense bar comes up with for the proposition that the Farmers Mutual case does not apply to certain types of long-tail claims. Or, maybe, carriers will just pay up from now on. After all, the Unfair Claims Settlement Practices Act, at N.J.S.A. §17:29-B(4)(9)(n), makes it illegal for insurance companies to fail “to promptly provide a reasonable explanation of the basis in the insurance policy in relation to the facts or applicable law for denial of a claim or for the offer of a compromise settlement.”  

But if insurance companies paid up, I’d be out of a job.

The case is Farmers Mut. Ins. Co. v. N.J. Property-Liability Guarantee Assn., and you can read the full decision here.

The terrible fire in Seaside Heights last week got me to thinking about some of the vagaries of fire insurance. (As an aside, the people along the Jersey Shore absolutely can’t catch a break.)

The contents of fire insurance policies are heavily regulated by statute. An interesting case recently came up in the Second Circuit on the question of coverage limitations and statutory requirements.  Facts:  Pacific Indemnity sold a fire insurance policy to an entity known as Quaker Hills, which owned a custom-built home in upstate New York.  (The principal of Quaker Hills is Trevor Davis, a Manhattan-based real estate developer, and this was one of his residences.)  The policy had a property damage limit of $14,388,000, but contained an “apportionment-of-loss” clause, that limited Pacific’s exposure to 38% of any covered loss.

The house burned down, and Pacific refused to pay more than 38% of $14,388,000, or approximately $5.5 million. Quaker Hills, unhappy because the total amount of its claim was $26.5 million when extended replacement costs were included, then argued that the apportionment-of-loss clause was unenforceable and illegal under New York law, on the ground that it conflicted with the standard fire insurance provisions prescribed by statute.  Specifically, statutory minimums for fire insurance are established by N.Y. Ins. Law §3404, which requires that the policy must provide the lesser of either (1) the actual cash value of the property at the time of loss; (2) the replacement cost; or (3) the value of the property as predetermined in the policy.  (New Jersey has a similar statute at N.J.S.A. §17:36-5.20 et seq.) Quaker Hills argued that, because of the 38% clause, the policy provided substantially less coverage than was required by the statute.

Pacific countered that the 38% clause was similar to a coinsurance provision, and that coinsurance provisions repeatedly have been upheld in fire insurance policies.  The Court explained the concept of coinsurance as follows: “A coinsurance clause divides the risk between the insurer and the insured in the event of a partial loss if the insured has failed to carry insurance up to a certain percentage of the value of the property, typically 80%…The purpose of coinsurance, therefore, is to protect [policyholders] by encouraging them to value fairly their own property, and not undervalue it in order to receive a lower premium.”  (Emphasis added.)  (Note:  Here, the loss was total, not partial.) 

The Court stated that coinsurance clauses “merely required the [policyholder], as a condition of receiving a lower premium rate, to stand part of the loss himself, where he does not take out full insurance or insurance to the percentage of the value specified.” In other words, public policy favors coinsurance clauses “because they are designed to prevent property owners from recovering full value for losses on property that they have chosen to undervalue for insurance purposes in order to be charged lower premiums.” The Court, however, noted that “coinsurance clauses in New York are not applicable when, as here, the property was totally, rather than partially, destroyed.”

In the end, the Second Circuit did what many good judges do: Punted. The Court certified the matter to the New York Court of Appeals, New York’s highest court, asking the following specific question, among others: “In an insurance policy that provides a stated dollar amount of loss coverage in the event of a fire, does a policy clause that, in exchange for a reduction in the premium charged, limits the insurer’s liability to a percentage of any loss violate New York Insurance Law?”

Patience is a virtue, so I guess we’ll have to wait for a final answer.  While we’re waiting, though, I’ll reiterate something that I’ve previously said on this blog: always review the insured values on your property policy, and the coinsurance clause, to make sure you have adequate protection before a loss happens.

You can read the full decision here in Quaker Hills, LLC v. Pacific Indemnity Co. by clicking here