Gorman & Williams

A client recently asked me why his insurance company was so resistant to providing his business a defense against an arguably frivolous copyright infringement claim. Incredulously, he inquired, “Isn’t this why I pay premiums?” The claim related to graphics work done by my client and used as advertising on his customer’s website. While the matter ultimately resolved in favor of the insured, his questions were not easily answered. Perhaps my business owner thought his standard issue comprehensive/commercial general liability (“CGL”) policy had broader coverages than it actually did. Perhaps the insurer read the policy too narrowly. In either event, my client has plenty of company, from small and large businesses alike, in realizing unexpected risks associated with e-commerce practices.

It is no secret that the Internet has fundamentally changed the way modern business is transacted. Information is king, and the Internet permits nearly instantaneous exchange of that information. Marketing on a global level is now available to the smallest businesses, at nominal cost. Accompanying these new opportunities, however, are significant unanticipated risks. For many, how new business models and marketing strategies developed in the dotcom era affect insurance-based risk management is simply an afterthought. Many businesses neglect to ask the right questions about whether their business insurance is adequate to protect against technology-related claims. Others turn a blind eye, either believing that they will never be the subject of such a claim or fearing that adequate insurance protection is simply too expensive. Those businesses are often left trying to force the square peg of a technology claim into the round hole of their CGL policy.

Often, a company’s only conscious risk management is the purchase of first and/or third-party insurance. First-party insurance is designed to cover losses incurred by the policyholder himself. Third-party insurance provides protection in the form of the insurer’s commitment to provide a defense and indemnification for claims covered under the contract of insurance that are brought against the insured. The CGL policy is the longstanding staple of first and third-party business insurance and is often the only liability insurance a company purchases. Thus, historically, businesses have looked for a defense and indemnity for any variety of claims under their CGL policies, whether or not coverage is clear on the face of the policies themselves.

In the context of technology claims, businesses have looked for coverage for claims involving patents, trademarks and copyrights under the “advertising injury” provision of the CGL policy. These efforts have netted mixed results with insureds finding the most success securing coverage against copyright infringement matters. Insureds have also sought coverage under the property damage provisions of their CGL policies for their own technology related losses. Again, the results have been mixed with insureds seeing more success recovering losses related to hardware and damaged equipment and much less success recovering damages associated with data loss and corruption. Insurers have countered technology claim coverage disputes with policy language revisions. These changes have, for the most part, limited coverage for such claims and, in many cases, have excluded coverage altogether.

Most insurance policies issued since the early 1970s are based on standard form policy language drafted by the Insurance Services Office (“ISO”). The ISO is a service organization whose membership consists of property and casualty insurers. See 15 Eric Mills Holmes, Holmes’ Appleman on Insurance 2d § 111.2 at 78-80, (2000 & 2003 Cum. Supp). Insureds’ efforts to secure coverage for technology and intellectual property claims have, until very recently, centered almost exclusively on interpretation of the ISO’s standard form CGL policies. The evolution of the CGL policy and its advertising injury and property damage provisions sets the stage for the recent development by insurers of technology-specific product offerings.

Prior to 1973, the CGL policy included, among other protections, a “Coverage A” for bodily injury and “Coverage B” for property damage. In 1973, the ISO introduced “personal injury” and “advertising injury” protection as an endorsement to its form policy. The insuring agreement of the 1973 endorsement provides a broad commitment that the insurer will pay for injuries arising from advertising:

The company will pay on behalf of the insured all sums
which the insured shall become legally obligated to pay
as damages because of personal injury or advertising
injury . . . .

The 1973 endorsement defines advertising injury to include a wide range of covered offenses:

See 1973 Standard Broad Form Comprehensive General Liability Endorsement. The 1973 endorsement excludes coverage of claims for advertising injury arising out of infringement of trademark. As a practical matter, however, courts interpreting the endorsement often found insurers liable for defense costs and indemnity in trademark infringement cases under the policy provisions covering infringement of title or slogan. See, e.g. A Touch of Class Imports, Ltd. v. Aetna Casualty and Surety Co., 901 F.Supp. 175 (S.D.N.Y. 1995).

In 1986, in response to numerous coverage disputes over intellectual property claims, the ISO revised the advertising injury clauses of the form CGL policy. The 1986 policy included advertising and personal injury coverage in the policy language instead of in an endorsement. The insuring agreement remained relatively unchanged from the 1973 endorsement. The definition of “advertising injury” was, however, changed to exclude piracy, unfair competition and defamation as covered activities:

The exclusion of piracy and unfair competition may have to do in large part with attempts by insureds to expand coverage under the 1973 endorsement for claims of patent infringement. The ISO and insurers have steadfastly maintained that the standard form CGL policy was never intended to cover claims of patent infringement. For examples of opinions holding that patent infringement is not covered under the 1973 endorsement, see, United States Fidelity & Guar. Co. v. Star Technologies, Inc., 935 F.Supp. 1110 (D. Or. 1996); National Union Fire Ins. Co. v. Siliconix, Inc., 729 F.Supp. 77 (N.D. Cal. 1989).

Under the 1973 endorsement, the 1986 policy, and all subsequent form policies, the policyholder must show facts sufficient to satisfy three elements to establish coverage for advertising injury: (1) an advertising injury defined in the policy; (2) advertising; and (3) a causal nexus between the alleged advertising injury and the insured’s advertising. See Holmes 2d, § 131.3. Considerable litigation has resulted from the absence of a definition for “advertising” in the 1973 endorsement and 1986 form policies. Courts have generally held that advertising means widespread dissemination to the public at large. See, e.g., Playboy Enterprises, Inc. v. St. Paul Fire & Marine Ins. Co., 769 F.2d 425 (7th Cir. 1985) (no coverage for a mailing to advertisers and advertising agencies concerning competitor’s inability to meet circulation goals).

The ISO again revised the definition of “advertising injury” in 1998. Advertising injury now no longer includes “misappropriation of advertising ideas or style of doing business.” Instead, the new definition provides coverage for “the use of another’s advertising idea in your advertisement:”

Advertising injury means injury . . . arising out of one or
more of the following offenses:

* * *
d. Oral or written publication of material that slanders or
libels a person or organization or disparages a person’s
or organization’s goods, products or services; e. Oral or
written publication of material that violates a person’s
right of privacy; f. The use of another’s advertising idea
in your “advertisement”; or g. Infringing upon another’s
copyright, trade dress or slogan in your “advertisement".

See 1998 Commercial General Liability Coverage Form. These revisions further clarify and narrow the scope of coverage to only those wrongs alleged to have been committed in the course of advertising and for which damages arise directly from the advertising activity. The 1998 policy also, for the first time, incorporates a definition of advertisement adopting the majority view that advertisement requires widespread dissemination of information:

Id.

Confusion exists under each of the form policies concerning the required nexus between the insured’s advertising, the alleged wrong, and the alleged injury. The “arising out of” language of the standard forms has been susceptible to multiple interpretations. For instance, from an insured’s prospective, an argument can be made that every act of selling involves some form of advertising. Thus, taken to its illogical extreme, every act of selling could fall within the advertising injury provision of the form policy. Courts interpreting the form policies have typically not followed this expansive read. Instead, the courts generally require a close nexus between the insured’s advertising activities, the alleged wrong, and the alleged injury resulting from that wrong.

The determination of whether a claim and its attending damages satisfy the requisite nexus to the insured’s advertising is made on a case-by-case basis. For example, the allegation that the insured’s copying, publishing, distributing and selling copies of machine parts documents was not sufficient to trigger coverage under the CGL policy because there was no nexus between the insured’s advertising and the alleged wrong. Sentry Ins. Co. v. R.J. Weber Co., 2 F.3d 554 (5th Cir. 1993). Likewise, claims for theft of trade secrets, reverse passing off and unfair competition were not covered because they arose not in relation to the insured’s advertising but in relation to the manufacture of the insured’s products. Frog Switch Mfg. Co. v. Travelers Ins. Co., 193 F.3d 742 (3rd Cir. 1999).

Technology advances have also generated substantial risk of loss to the insured business itself. Influences over which the insured typically has little control also threaten the valuable information belonging to the insured. Proprietary data is at risk from technical glitches, e.g. system failures or computer crashes, and more malevolent acts of computer hackers and viruses. If data is lost, will an insurer cover the insured’s loss under the property damage provisions of a first-party policy? If data is temporarily unavailable, will the insured’s loss of use be compensable?

The typical first-party insurance policy defines property damage as “physical injury to tangible property, including all resulting loss of use of that property.” The general trend in the reported opinions is that loss of information is not a “physical injury” under the form CGL policy. See Ward General Ins. Serv., Inc. v. The Employers Fire Ins. Co., 114 Cal. App. 4th 548 (Cal. Ct. App. 2003) (“We fail to see how information, qua information, can be said to have a material existence, be formed out of tangible matter, or be perceptible to the sense of touch.”); cf. Seagate Technology, Inc. v. St. Paul Fire and Marine Ins. Co., 11 F.Supp.2d 1150 (N.D. Cal. 1998) (third-party case finding no finding no physical damage to tangible property); America Online, Inc. v. St. Paul Mercury Ins. Co., 207 F. Supp. 2d 459 (E.D. Va. 2002) (“computer data, software and systems are not tangible property.”).

In sum, the coverages provided by the advertising injury and property damage provisions of the CGL policy are insufficient to protect against the risks confronted by businesses in our information-based economy. The CGL policy limits coverage to only those claims arising out of the insured’s advertising activities and for which the damages are closely related to the alleged wrongful conduct. Some protection is available for hardware, but likely unavailable for software or data under the property damage provisions of the CGL policy. These protections are simply too narrow for the panoply of claims modern businesses face. The remainder of this article is directed to identifying examples of the potential risks posed by today’s technology and discussing some of the newer, innovative coverages insurers are offering to address these risks.

Nothing suggests that claims based on traditional intellectual property disputes will slow or stop based on technology advances. In fact, the inverse is true. Further, technology and intellectual property claims concerning information exchanged over the Internet will generate significant new exposure to third-party claims. Some examples of these potential risks include claims of infringement arising from: (1) unauthorized linking – providing access to another’s Internet content from one’s website; (2) unauthorized framing – juxtaposing one’s content with another’s content on the same webpage; (3) cyber squatting – wrongfully obtaining a website name containing another’s trademark for purposes of keeping the name from the trademark owner; and (4) meta-tags – words and phrases, often including trademarks, embedded in one’s website indexing information for purposes of attracting users through search engines.

Still other risks typically seen only by publishing entities are now confronting businesses not historically classified as “publishers.” Because the Internet has global reach, information distributed on a business’s website subjects the company to potential claims for defamation, libel, slander or invasion of privacy, claims traditionally faced only by publishers.

Businesses organized to provide technical goods and services, e.g. software developers, hardware manufacturers, and internet service providers, also face new exposure. Examples of third-party claims against these entities include damages associated with hardware failures, customer data corruption, failures of software to adequately perform, and lost or publicly disclosed customer data. Many of these potential third-party risks relate only tangentially to advertising activities, and the damages associated with the alleged wrongful conduct may not meet the required close nexus with the policyholder’s advertising.

Additionally, policyholders’ own technology losses will often not meet the “physical damage to tangible property” requirement under their first-party policies. As a result, traditional third and first-party insurances are and will become increasingly insufficient to protect against potential risks confronting all business.

To help insureds manage new risks presented by technology advances, many insurers have begun to market existing, non-traditional products to new market segments. Additionally, insurers have modified existing products and developed new product offerings. For comprehensive risk management, business clients should be encouraged to consider the following options to supplement or replace existing CGL policies.

Media liability policies were traditionally marketed only to companies in the publication business. Anticipating potential liability arising from the maintenance of a business presence on the Internet, companies not in the publishing businesses are now being offered media liability policies. Coverage under media policies includes a commitment by the insurer to defend against and for claims of infringement of copyright and trademark, defamation, slander and libel, personal disparagement, and invasion of privacy. To reduce the expense of media liability insurance, some insurance companies have tailored their product toward businesses whose only media exposure is their Internet presence.

Insurers are also marketing their professional liability insurance, e.g. errors and omissions (E&O) and directors and officers (D&O), to technology businesses and businesses that operate on the Internet. E&O policies provide protection against claims for negligent acts or errors and omissions. These policies provide coverage beyond that included in the standard form CGL policy. For instance, coverage for a third-party claim of damage resulting from a software programming error typically will not exist under a CGL policy. However, a policyholder is likely entitled to a defense and indemnification for a claim of negligent programming under an E&O policy. Defense costs in such cases can be substantial. Add damages for lost or corrupted data or for disclosure of private information to an E&O claim for negligence in a technology matter, and the result could easily be a seven figure loss. This monetary exposure alone should give companies ample reason to revisit their insurance risk management portfolios.

Several larger insurers have also begun marketing new product offerings targeting business with e-commerce risk. Many of these products are combining coverages available under media liability policies with coverages available under E&O policies. Some of the newer products also include coverages for domain name disputes for and claims of copyright and trademark infringement. These policies are intended to fill gaps existing in the standard form CGL policy.

E-commerce policies often typically provide a defense and indemnification for losses arising in the course of the insured “Internet activities” as opposed to the CGL’s coverage for losses associated with “advertising injury.” Other insurers are modifying the standard CGL policy definition of “advertising injury” to include claims arising from broadcasting, publishing or telecasting activities in addition to advertising. Under these new product offerings, claimed losses will no longer require a close nexus with the insured’s advertising activities. Further, while most CGL policies limit commitments to defend and indemnify for losses committed in a “covered territory,” most of the new insurance products geared toward technology businesses provide worldwide coverage in recognition that claims can and will be brought wherever damages are incurred, not necessarily only in the “covered territory.”

Still other new products promise to eliminate the uncertainty of whether losses of non-tangible assets will be covered under first-party policies. Innovative product offerings from some insurers include protection against unauthorized access to data and software and losses resulting from viruses and hacking. These policies typically include coverage for lost business income arising from system down-time and will even pay the costs to recreate lost or destroyed intellectual property, e.g. lost customer data or corrupted software.

In certain cases, policy language extends coverage to the limits requested by the insured, subject of course to the insured’s tolerance for premium payments. So called “manuscript” policies are policies tailored, sometimes drafted from scratch, to meet a policyholder’s specific or specialized demands. While often prohibitively expensive, specialized policies exist that provide indemnity for claims of patent infringement, a practice not often embraced by insurers. Manuscript policies can even include commitments to fund offensive claims against infringers to settle rights to and in intellectual property

Insurance coverage for technology and Internet claims has evolved rapidly over the past twenty years. Traditional CGL policies may provide some protection against technology and intellectual property claims, but changes in the standard form insurance policies have and likely will continue to narrow that coverage. Expanded and innovative product offerings from insurers now permit businesses to effectively develop risk management strategies to protect against many of the new risks confronting companies operating in our new information age.

As counsel, we can and should assist our business clients by counseling on the potential risks presented by e-commerce and assisting with risk management strategies including selection of appropriate insurance. Luckily, adequate protection for our clients is only a phone call and a premium payment away.