On May 18, the Connecticut Supreme Court affirmed the appellate courts decision denying coverage under a companys general liability and umbrella insurance policies for more than $6 million in losses stemming from a situation that occurred when computer tapes fell out of a transport truck and 130 tapes were picked up by an unknown person. This data breach incident exposed sensitive information, including social security numbers and birth dates, of 500,000 IBM employees.
The high court affirmed the decision of the intermediate appeals court, which ruled that IBMs contractor, Recall Total Information Management Inc., and Recalls subcontractor Executive Logistics Inc., had not triggered two relevant provisions in the applicable general liability policy: (1) settlement negotiations did not constitute a suit under the policy definition; and (2) in the absence of any evidence that the information had been accessed, there was no requisite publication of material that violates a persons right to privacy. Recall had agreed through negotiation to cover the nearly $6.2 million that IBM spent to respond to the breach.
This very expensive lesson points out the need for any company that handles sensitive data to evaluate whether it has the appropriate insurance to cover a potential data breach. A more detailed analysis of the case is available in this Day Pitney Alert.