Thelen Reid Brown Raysman & Steiner LLP
Introduction
Not only does e-commerce generate the revenue streams of
.com companies, it is becoming a significant source of revenues
for many bricks-and-mortar companies. Web pages are increasingly
valuable - and vulnerable - corporate assets. The cost to
restore a damaged or defaced Web site can be significant,
and the revenue lost during Web site downtime can equal
or exceed the revenue lost from damage to physical assets.
Also, it is increasingly clear that liability to third parties
can arise from online conduct. As Internet use grows and
as e-commerce revenues become increasingly significant,
Internet risk management and the related insurance coverage
issues will become critical.
Companies are asking more and more whether their existing
property and casualty insurance will protect them from Internet-related
losses. Corporate risk managers have good reason to worry.
The standard form property and casualty policies issued
to many businesses have gaps which substantially increase
the risk that coverage will be denied when an Internet-related
claim is made.
The key insurance issues for companies utilizing the Internet
are:
1. Risks not adequately addressed by traditional
insurance products.
2. Magnitude of risk is more likely to reflect
management systems and risk control procedures than the
quality of the physical plant and safety systems.
3. Magnitude of risks and type of coverage
needed depend on the types of activity conducted on the
Internet.
Internet and E-Commerce Growth
The magnitude of Internet activity and, as a result, the
magnitude of Internet risks are growing at an unprecedented
rate. A comparison of the penetration rates of three new
communications technologies is thought-provoking. It took
38 years for 30 percent of American households to have a
telephone. It took 17 years for 30 percent of American households
to have a television. It took less than 7 years from the
time the Internet became available outside government and
academic settings for 30 percent of American households
to have Internet access. Fifty percent of American households
are expected to have Internet access by 2003.
E-commerce sales revenue, including both consumer retail
sales and the significantly larger revenue generated by
business-to-business sales, quadrupled from $39 billion
in 1998 to $155 million in 1999, and is expected to reach
more than $7 trillion by 2004. E-advertising revenues also
are growing quickly. In 1996, e-advertising generated only
$264 million in revenue. (To put this figure in perspective,
it was about 4% of cable television advertising revenues
in 1996.) In 1999, e-advertising revenue was more than $4
billion, a growth rate of about 500 percent a year over
three years. By 2003, e-advertising is expected to generate
$11 billion, a figure somewhat larger than projected cable
television advertising revenue in that year.
Internet and E-Commerce Risks: New Risks and Old Risks in New Guises
Commercial use of the Internet falls into several categories.
Some businesses use their Web sites simply as vehicles for
advertising their own goods and services. Others use their
Web sites as a revenue generator. The Web site may be a
distribution channel, either supplementing more traditional
channels or as the sole distribution channel for .com companies.
The Web site also can be a revenue generator as a media
vehicle that sells advertising to third parties. A Web site
can generate revenue by providing professional advice personalized
to the individual on topics ranging from sports injuries
to stock trading. A Web site may combine several of these
functions.
Like physical assets such as buildings or vehicles, a Web
page is subject to damage from natural disasters, accidents,
human error and intentional misconduct. It can be rendered
inoperable due to failure of the Internet site host, programming
mistakes and failed back office systems. Malicious misconduct
by third parties may disable a site by corrupting data or
introducing viruses.
An online presence also can result in liability claims by
third parties for which a company may seek a defense and
indemnity from its insurer. The potential claims will vary
with the function of the Web site. Sites that provide only
information may face claims arising from the content posted
on the site, including copyright and trademark infringement
and defamation. This risk is increased for sites that post
content provided by third parties.
Sites providing advice face potential claims based on negligence
when information posted on the site causes injury to one
who relies on it. Such liability is a significant concern
for companies that seek to provide ever more individualized
advice and information to users in responding to their specific
inquiries. Examples may include sites offering medical advice,
health products or financial advice.
A Web site may malfunction and deprive a third party of
goods or services that that party expected to receive. The
liability could be substantial if the site is providing
a service relied on by business entities in the course of
their own revenue-producing operations.
Many sites gather personal information about site visitors,
including financial data obtained in the course of transactions,
personal preference information based on online behavior,
and information related to health, medical condition, sexual
orientation and other personal matters. The misuse of such
data as a result of company policy, accidentally or through
the misconduct of employees or third parties could result
in liability for the site sponsor. In addition, a Web site
can injure third parties through the functioning of the
site itself by transmitting a virus.
Some of these risks are novel - such as hacker damage to
a Web site or failure of site host. The Internet also causes
old forms of risk to appear in new guises, often in a more
costly form. For example, in the paper era, trade defamations
were likely to arise from the actions of a comparatively small
group of key people in senior management and marketing.
With the Internet, virtually any employee may disparage
competitors' products on bulletin boards and chat rooms.
Thus, the Internet can facilitate a variety of commercial
torts.
Components of Internet Risk Profiles
A company's Internet risk profile depends on three factors.
First is the type of Internet activities it conducts. Does
the Web site simply provide information or is it a distribution
channel? Second is the extent to which the company is aware
of its potential exposure to losses and claims arising from
its Internet activities. Third is the extent to which the
company has developed prevention programs and contingency
plans to deal with Internet risks.
To illustrate some of the risks that arise on the Internet,
consider what can go wrong at a bricks and mortar company
whose Internet activities are limited to an informational
Web site and employee e-mail and the wider risk exposure
of companies that sell products and give advice over the
Internet.
Scenario 1: Virus Damage to Web Sites and Data
In the first scenario, the MIS department determines that the company's server has been infected with a virus attached to software purchased and delivered over the Internet. Some files are corrupted, and the server remains unavailable for 48 hours, with a measurable impact on the company's operations.
When business assets are damaged, companies typically look to their property insurance policies. The standard form commercial property policy published by the Insurance Services Office (ISO) provides coverage for "physical loss or damage to covered property" if the damage is caused by a "covered cause of loss." 1/ Under the ISO form, an insured can select three different options regarding the breadth of the "covered cause of loss":
1. The "basic form," which lists such causes of loss as fire, windstorm and vandalism.
2. A somewhat more encompassing "broad form" of coverage, which includes damage from several additional causes.
3. A "special form," which covers all causes of loss subject only to enumerated exclusions.
Assuming the company carries commercial property coverage, the virus will pose the following issues:
1. Did the virus cause "physical loss of or damage to" the insured's property?
2. Is a virus a covered cause of loss?
3. Does the policy provide only limited coverage for damage to business records?
4. Will the business interruption provision in the policy apply?
In addition, if the source that transmitted the virus can be identified as another business, the company may file suit, and the business that transmitted the virus will seek a defense and indemnity from its commercial general liability (CGL) policy. Thus, the virus damage raises a fifth question:
5. Will the CGL policy respond to an action alleging that the policyholders intentionally or negligently transmitted the virus?
Physical Loss or Damage
A company seeking coverage for damage to a Web site or for loss of revenue while the site was down will face several hurdles to recovery. The insured must show that the loss resulted from "physical loss of or damage" to the insured's property. Insurers may argue that harm to mere data, information or the electronic functioning of a Web site does not constitute "physical loss or damage." 2/ Damage at the level of electronic particles still is, in reality, physical damage, and the rule that policy language is construed against the insurer and in favor of policyholder expectations may allow the policyholder to get past this hurdle.
There are few cases discussing the application of property
and business interruption coverage to computer system failures,
let alone to the Internet. One recent U.S. District Court
decision found coverage for an eight-hour business interruption
caused by a computer outage resulting from a fire that did
not damage the computer hardware but caused the loss of all
programming information in the random access memory.
3/ The "all risks" property policy insured
against "direct physical loss or damage from any cause."
In holding that the loss of data stored in computers was
"physical" damage, the court reasoned that even
in the absence of any physical harm to the computer's hardware,
unintended "alterations" in the computer's software
or network were forms of physical damage. The court did
not directly address the "physical" aspects of
the damage to the computer; rather, the court looked to
federal and state criminal computer fraud statutes. These
statutes assign criminal liability when a person causes
"damage" to protected computers - "damage"
being defined in the statutes to include any alteration,
deletion, destruction or impairment of data stored on the
affected computers. The criminal statutes make no mention
of "physical" damage in contrast to the language
of the standard property policy. Given the holding's reliance
on penal statutes rather than insurance coverage precedents
and ambiguity as to whether the court found the destruction
of data sufficient to constitute "physical damage,"
it is unclear whether this decision will survive appeal.
Policyholders whose business is disrupted by computer system or Web site
failure may seek to analogize their situation to that of
a property owner whose building is rendered uninhabitable
by environmental factors that leave the structure itself
untouched. In some such cases, property owners have obtained
coverage under first-party property policies. 4/
Web sites frequently are hosted by third parties rather than
residing on a computer owned by the policyholder. Even if
courts ultimately conclude that damaged programming is "physical"
damage, there would be no physical damage to the policyholder's
property when the damaged Web site is hosted by a third
party. The closest analogy to claims for business interruption
due to failure of Web sites hosted by third parties may
be cases where intangible property such as data or trade
secrets were lost due to accident or misappropriation. Those
cases do not provide much comfort to the company seeking
coverage. In one relatively recent case, a telephone company
was denied coverage for charges incurred as a result of
the theft of cell phone authorization codes. The court reasoned
that the codes themselves were intangible property, and
the company's claim primarily was focused on recouping purely
economic loss resulting from the theft rather than compensation
for traditional property damage. 5/ Other cases
concerning stolen trade secrets have denied coverage for
the same reason. 6/
The bottom line is that insureds suffering Web site disruption
or damage should expect resistance in pursuing coverage
claims against standard property policies, at least until
the current uncertainties are resolved by the courts. Until
that occurs, policyholders would be well advised to obtain
coverage advice from counsel as soon as possible after the
occurrence of a loss.
Covered Cause of Loss
To recover under a property policy, in addition to showing
physical loss or damage, an insured must trace the loss
to a "covered cause of loss" in the basic, broad or special
form. The list of causes - even in the broad form, which
covers such causes as fire, lightning, explosion, windstorm,
hail and vehicle accidents - would not appear to include
host failure, programming errors or other human mistakes.
7/ The requirement that the loss be due to
a covered cause is a significant restriction.
The inclusion of "vandalism" in the list of covered causes
of loss may provide coverage when injury is caused by the
malicious conduct of hackers. Note, however, that the vandalism
cause of loss excludes loss due to theft, thus limiting
the use of this cause of loss in cases when information
is stolen by hackers. "Building damage" caused in breaking
in to engage in a theft is covered, but it is uncertain
whether harm to a Web site by hackers bent on theft would
constitute "building damage."
Moreover, the combination of a covered and an excluded cause
of loss may result in a denial of coverage. One insured's
computer went down when power was lost due to a substation
fire. 8/ While fire was a covered cause of
loss, power outage was specifically excluded and, as a result,
coverage was denied. The court also noted that the fire
and power outage caused no physical damage to insured's
computer (other than the fact it could not function for
a period of time).
Insureds with the special form endorsement need not trace
their loss to a listed cause but still must show that it
arose from something that caused a "risk of direct physical
loss." Negligent actions by a site host or programmer likely
to result only in service interruption may not be sufficient.
Moreover, dishonest acts by one's own employees are excluded
even under the special form of coverage.
Limitations on Recovery for Harm to Business Records
In the standard ISO form, coverage is specifically provided
for "the cost to research, replace and or restore the information
on valuable papers and records, including those which exist
on electronic or magnetic media." However, such coverage
is often subject to severe dollar limitations. The ISO form
suggests that it be limited to $2,500 "per location." Disputes
may arise as to what counts as a "location" on the Internet,
and insurers can be expected to make a restrictive reading
of this provision.
Business Interruption Coverage
Property coverage often is linked to business interruption
coverage. 9/ Business interruption coverage typically
provides that the policy will pay for "actual loss of business
income... due to the necessary suspension of your 'operations'
during the 'period of restoration.'" However, like the property
policy to which it relates, business interruption coverage
applies only if the suspension of operations is caused by
"direct physical loss or damage to property," and the loss
must be caused by "a covered cause of loss" as defined in
the policy.
Business interruption policies vary as to the magnitude
of the suspension of operations required to trigger coverage.
While one policy may provide coverage for a "partial or
complete" suspension, another may provide coverage only
for a "substantial" suspension. 10/ This variability
is significant for Web site failures. Shutdown of a Web
site may result only in the partial disruption of a business
that uses multiple distribution channels (for example, both
e-commerce and mail order catalogs), failing to trigger
coverage.
CGL Coverage for Transmitted Viruses
If the company that transmitted the virus can be identified,
will its CGL policy provide coverage if it is sued? Part
A of the standard CGL policy covers damages due to "bodily
injury" or "property damage" that occur to third parties
during the policy period. 11/ The CGL policy
defines property damage as "physical injury to tangible
property" and "loss of use of tangible property." CGL policies
also generally require the insurer to defend the insured
if potentially covered claims are brought against it.
Part A does not apply if the damage is to "your product"
or "your work," provisions that are intended to deny coverage
for breach of warranty claims arising out of defects in
the insured's product which do not cause separate injury
to other property. Insurers will resist claims that arise
from breach of warranty when the only damage to the claimant
is the failure of the policyholder's product to perform.
In the virus scenario considered here, the policyholder
will have to overcome a major hurdle in showing that the
damage from the virus was "physical injury to tangible
property." Harm to data or electronically stored information
alone may not be enough to trigger coverage. Courts have
held that purely economic losses that are not related to
physical harm are not compensable under a CGL policy. 12/
They have divided on whether the loss of electronic
data not linked to overt physical injury constitutes such
damage under the CGL policy. Courts have indicated that
the mere loss of electronic data alone does not involve
the loss of tangible property. 13/ One court
held that the incorporation of allegedly defective disc
drives into personal computers did not cause physical damage
to tangible property of others and was not "property damage"
under an umbrella liability policy so that the insurer had
no duty to defend a lawsuit by the computer manufacturer
against the maker of the disc drives. 14/ However,
another appellate court has required the insurer to provide
a defense under a CGL policy when the only loss was to information
stored in computer files. 15/ Yet another court
held that loss of a computer tape which held the only copy
of certain valuable data was a physical loss to tangible
property. 16/ And in an arguably analogous
context, loss of intellectual property such as trade secrets
or engineering designs has been held not to constitute damage
to tangible property under the CGL form. 17/
Given these uncertainties, insureds have every incentive
to look for evidence of tangible, physical injury wherever
they can find it, in the form of scratches on a disk caused
by a head slap event or even physical changes at the subatomic
level involved in the transfer of data to magnetic media.
18/
Insureds will seek coverage for events that disable a Web
site or render a computer system unusable for some period
of time without causing physical damage based on the "loss
of use" of tangible property. However, in light of the inconsistent
precedents discussed above, it is highly probable that claims
based on damage to Web sites or Web site down time will
be contested by many insurers under CGL policies. In addition,
since in the scenario the virus was attached to software
that was sold by the policyholder, the exclusion for damage
to "your product" or "your work" may apply. Recently, courts,
especially in California, have blurred the distinction between
tort and contract claims, finding CGL coverage under claims
pleaded as contract breaches. 19/ This trend
may erode the coverage exclusion for damage to "your work."
Scenario 2: Copyright Violations
Assume that the bricks and mortar company is sued for posting
copyrighted material on its Web site without permission.
Is there coverage under a standard CGL policy?
The ease of mass duplication and distribution over the Internet
makes copyright violations far easier to perpetrate and,
therefore, more common than in the paper environment. The
Web has also proven to be fertile ground for trademark violations.
For example, the diversion of Web traffic by using another's
trademark in a metatag (non-visible text on a Web site)
constitutes trademark infringement. 20/
Part B of the standard CGL policy provides coverage for
sums the insured becomes legally obligated to pay "as damages"
because of "personal and advertising injury" caused by an
"offense" arising out of the insured's business. The definition
of advertising injury in Part B specifically includes several
of the content-related claims likely to be asserted online,
including libel and product disparagement, violation of
the right to privacy, "use of another's advertising idea
in your advertisement" and "infringement of another's copyright,
trade dress or slogan in your advertisement." The advertising
injury provision of the CGL form policy may trigger the
insurer's duty to defend a copyright action. 21/
Web Site as Advertisement
The advertising injury provision only provides coverage
for copyright violations "in your advertisement." 22/
While some Web pages are nothing more than electronic
advertisements, others function as the delivery vehicle
for the company's product or even constitute the product
itself. It is not a foregone conclusion that every aspect
of a company's Web page will fall within the advertising
injury coverage. 23/
Exactly what is an advertisement on the Internet is unclear
- when a Web site both contains marketing materials and
is the product or service, where do you draw the line? Here,
the Web site almost certainly qualifies as an "advertisement"
because under the scenario posed, the Web site only provides
information about the policyholder's products.
The Publishing and Advertising Business Exclusion
The standard CGL form excludes advertising injury coverage
for acts "committed by an insured whose business is advertising,
broadcasting, publishing or telecasting." Questions will
arise as to whether a Web site has caused its sponsor to
cross the line into the publishing business when the site
generates revenue through agreements with advertisers, when
the content consists of news or entertainment or when the
site serves as an open forum for the exchange of views not
unlike the letters to the editor page of a newspaper. Similarly,
if a Web site primarily posts information about the owner's
own products or services but also contains links to other
Web sites and banners promoting the goods or services available
on those other sites, is the Web site owner in the publishing
business? Similarly, if the Web site posted content to attract
hits and posted ads by third parties for a fee (or for bartered
ads on other Web sites), then the business of advertising
exclusion might well apply.
Scenario 3: Trade Libel
Next, the brick and mortar company is served with a lawsuit
charging trade libel based on defamatory comments made by
one of its senior engineers in an Internet chat room.
The advertising injury provision of the CGL policy provides
coverage for trade libels committed in advertisements. However,
the chat room submission probably is not an "advertisement"
unless the policyholder can show that it regularly had its
staff post company prepared statements on bulletin boards
and in chat rooms as a part of its marketing efforts.
As a general matter, it appears that the advertising injury
provisions of the CGL policy are more likely to be triggered
than the bodily injury and property provision. There are
far fewer potential ambiguities over the existence of coverage,
and the Internet is a fertile medium for virtually all of
the activities included in advertising injury: copyright,
trademark and trade dress infringement, libel and product
disparagement, and violation of privacy.
Scenario 4: Injury to Parties Overseas
Companies whose business is the Internet or who use the
Internet as their sole distribution channel can experience
a wider range of Internet problems and generate a wider
range of potential insurance claims.
In the last two scenarios, consider a .com company that
focuses on sports and exercise-related injuries. It provides
online advice on the home treatment of minor injuries and
sells a variety of products ranging from vitamins to arch
supports through its Web site.
An unhappy customer in Britain asserts that individual advice
provided over the Internet aggravated an injury, resulting
in the need for surgery. With the British claim, there is
a clear allegation of bodily injury so that the uncertainties
that exist with respect to physical damage claims involving
electronic data and Web sites do not arise.
Location of Events on the Internet
The location of the injury can be a significant coverage
issue in Internet claims. CGL coverage generally is limited
to a geographic territory specified in the policy (usually
the United States and its territories and possessions, Puerto
Rico and Canada). Because a Web site can be accessed from
anywhere in the world, a business may lack coverage for
claims arising from "occurrences" that arguably take place
outside of the covered territory.
Under a standard CGL policy, there would be no coverage
for a non-Internet related claim arising in Britain. With
the Internet, however, there are multiple options concerning
the location at which an incident occurred. Was the bad
advice given in Britain or in the company's office where
the individualized advice was generated?
The question of location on the borderless Internet becomes
more acute when the offending information simply is posted
on a Web site. For example, a company may have its offices
in one state, use a server in another state and have its
Web site accessible to customers around the world. With
more traditional advertising and marketing channels, a company
can to a great extent control where its advertising appears
and where its products are sold. However, everything on
the Internet is accessible from virtually anywhere in the
world. This is a non-trivial problem. In June 1999, 44 percent
of the traffic at U.S. based Web sites came from foreign
domains.
Courts will have to determine precisely where a claimed
injury for trademark infringement or misuse of private information
"occurred" when the injured party is outside the covered
territory but the defendant is in the United States. As
with procedural issues such as personal jurisdiction, choice
of law and forum non conveniens, litigation based on Web
site use will address novel issues arising out of the borderless
medium of cyberspace.
Errors and Omissions Coverage
Errors and omissions (E & O) policies provide coverage for
negligent acts, errors and omissions occurring during the
performance of a service. CGL policies may contain an exclusion
for claims arising from the provision of professional services.
Thus, if the individualized advice provided by the sports
medicine .com company constitutes "professional services,"
its CGL insurer may deny coverage, even for claims arising
within the United States, and tell the company to look to
its E & O policy - if any.
Different E & O policies vary in the scope of coverage provided,
and there is no standardized form as there is for CGL policies.
In addition to traditional medical and legal malpractice
policies, E & O products include policies providing coverage
for technology professionals such as software and Web site
developers and Internet access providers.
E & O coverage generally extends both to bodily injury and
economic loss arising from the failure to perform services
competently. E & O policies also may provide coverage for
intellectual property infringement, defamation and invasion
of property claims. Technology E & O policies generally
exclude coverage for personal injury arising from invasions
of privacy.
Scenario 5: Privacy Violations
A class action lawsuit is filed against the sports medicine
company alleging that the company sold individual information,
including medical histories, to other companies without
the knowledge or consent of its customers.
The standard CGL form provides coverage for personal injury
caused by "oral or written publication of material that
violates a person's right of privacy." As online marketers
obtain increasingly detailed data about consumers' Internet
use habits and share or sell that information, class actions
are being filed asserting claims that the dissemination
of such information constitutes a privacy violation.
Internet privacy issues are likely to take several forms.
One issue arises from the publication of aggregated data.
It is unclear whether dissemination of aggregated data in
which individual identifiers are removed violates privacy.
Consider Amazon.com's publication of aggregate information
on the book purchases of employees at a number of major
corporations and government agencies in August 1999. Some
of the employees and their employers cringed, especially
at companies where the employees' most popular book title
was racy. In general, state privacy statutes allow dissemination
of aggregated data, suggesting that there would be no privacy
violation. However, when the publication of the aggregated
data causes embarrassment to a discrete group of people,
for example the employees of an identified company, there
may be lawsuits claiming a violation of the right to privacy.
Policyholders will seek defense costs and indemnity from
CGL insurers.
A second privacy issue concerns individual data that is
sold to other entities with permission of the individual
but not made available to the public generally. The CGL
policy covers only invasions of privacy through oral or
written "publication" of material. The typical online use
of personal data is not to disseminate it broadly or "publish"
it but to gather it, aggregate it with personal data of
others and reuse or resell the data for targeted marketing.
Coverage limited to publishing as the source of injury may
not respond to claimed privacy violations arising from Internet
data collection practices. Nor will the CGL policy cover
violations of privacy rights "caused by or at the direction
of the insured with the knowledge that the act would violate
the rights of another." If confidential information about
individuals is sold without permission or is used for purposes
outside the scope of the permission and the .com company
is sued, there may be no coverage under a CGL policy because
the element of publication is missing or because the insurer
successfully asserts that the policyholder had knowledge
that its conduct was wrongful.
New Internet-Specific Products
The gaps in standard property and casualty policies discussed
above have not gone unnoticed by risk managers or the insurance
industry. The insurance industry is rolling out a host of
products specifically designed to provide coverage for a
wide range of electronic media.
A number of insurers, including CIGNA, CNA, AIG, St. Paul
and various Lloyd's underwriters, offer hacker/virus policies
providing both first- and third-party coverage. The first-party
coverage addresses damage to the insured's own equipment
or data while the third-party coverage addresses lawsuits
by third parties asserting that the policyholder is responsible
for hacker or virus damage to its computers or electronic
data. Hacker/virus products generally contain a criminal
acts exclusion for acts of the insured's employees. Most
hacker/virus policies are claims made, i.e. they provide
coverage only for claims made in the coverage period.
Media liability policies offered by a large number of insurers
provide coverage for defamation, invasion of privacy, misappropriation
of name or likeness and violation of intellectual property
rights arising from the insured's dissemination of information
in covered media. Unlike Part B of the CGL policy, media
policies provide coverage for privacy violations without
the element of publication. The covered media specified
in the policy can include Web sites, and an increasing number
of media products are specifically tailored to e-commerce.
Although media liability policies generally do not cover
errors and omissions in providing services, some insurers
offer endorsements to provide such coverage.
Broad e-commerce coverage is offered by AIG, Chubb, Zurich,
St. Paul and various Lloyd's underwriters. The products generally
include elements of first- and third-party coverage for
risks arising from hacking, theft of data, intellectual
property and credit card information as well as business
interruption coverage for Web site disruptions. Products
developed by Marsh U.S.A. and underwritten by a number of
insurers also incorporate E&O and media liability features.
New Internet products often contain a survey feature under
which companies seeking coverage are required to undergo,
and pay for, a risk assessment of their Web practices as
part of the underwriting process. Underwriters use the survey
in determining whether to grant coverage and to assess the
types of coverage needed but also hope that insureds will
perceive the risk assessment as a valuable service in and
of itself. Such surveys may be performed by the underwriter,
an e-commerce consultant, a law firm or some combination
of the above.
As electronic commerce continues to grow, more and more
insurers are likely to offer coverage for Internet risks,
either in the form of endorsements to existing programs
or stand-alone Internet insurance products.
Conclusion
The Internet offers extraordinary economic promise, but
this promise is accompanied by new risks and uncertainties
regarding the scope of insurance coverage for those risks.
As the Internet matures, many of those coverage questions
will be resolved or rendered moot by the creation of new
products and new policy language. Businesses utilizing Web
sites today should not assume that their traditional insurance
program will provide adequate coverage for their activities
on the Internet. An evaluation of a company's insurance
coverage program is a critical component of any overall
assessment of a company's risk exposure from Internet activities.
For more information about the issues covered in this report, please contact Karl D. Belgum in our San Francisco office at 415-369-7310 or at kbelgum@thelen.com or contact your Thelen attorney.
ENDNOTES
1/ See, e.g., ISO Form CP 00 10 06 95. The
ISO forms are revised periodically. Copies of all the forms
referred to in this article can be found in Fire Casualty
and Surety Bulletins, published by the National Underwriter
Company, Cincinnati, Ohio.
2/ For an interesting but inconclusive discussion
of this issue, see The Home Indemnity Company v. Hyplains
Beef, 893 F.Supp. 987 (D. Kan. 1995) [court considers
without deciding whether loss of electronic data may constitute
physical injury].
3/ American Guarantee and Liability Insurance
Co. v. Ingram Micro, Inc., 2000 U.S. Dist. LEXIS
7299 (D. Ariz. 2000).
4/ See Farmers Insurance Co. of Oregon v. Trutanich,
123 Or.App. 6, 858 P.2d 1332 (1993) [odors from abandoned
drug lab caused property to be uninhabitable]; Western
Fire Ins. Co. v. First Presbyterian Church, 165 Colo.
34, 437 P.2d 52 (1968) [gasoline vapor contamination of
building causes fire department to order closure of structure];
Hughes v. Potomac Insurance Co., 199 Cal.App.2d 239,
18 Cal.Rptr. 650 (1962) [erosion of nearby cliff causing
house to be uninhabitable], but see Great Northern
Ins. Co. v. Benjamin Franklin Federal Savings & Loan Assn.,
793 F.Supp. 259 (D.Ore. 1990) [no physical loss or damage
to asbestos-containing building even when use of building
impaired]; Cleland Simpson Co. v. Fireman's Ins. Co.,
392 Pa. 67, 140 A.2d 41 (1958) [no physical loss when government
restricts access to property during emergency].
5/ Peoples Telephone Company v. Hartford Fire
Insurance Company, 36 F.Supp.2d 1335 (S.D.Fla. 1997).
6/ U.S. Gypsum v. Ins. Co. of North America,
813 F.2d 856 (7th Cir. 1987).
7/ See ISO CP 10 20 06 95.
8/ Noonan, Astley & Pearce, Inc. v. Insurance
Company of North America, 5 CCH Computer Cases 66492,
1994 U.S. Dist. LEXIS 3803 (S.D.N.Y. 1994) [coverage denied
because of the combination of a covered and excluded cause
and because there was no physical damage to insured's computer].
9/ See, e.g., ISO Form CP 00 30 06
95.
10/ See Hyplains Beef, supra, n. 2 [no business
interruption coverage where computer system failure rendered
plant less efficient but did not halt production].
11/ ISO CG 00 01 07 98, FC&S Bulletin. This form
was preceded by numerous other CGL forms with varying language
that are beyond the scope of this article.
12/ See Lazzara Oil Co. v. Columbia Casualty Co.,
683 F.Supp. 777 (M.D. Fla. 1988) [antitrust claim seeking
lost profits did not come within "property damage" or "personal
injury" provisions of liability policy].
13/ Magnetic Data Inc. v. St. Paul Fire and Marine
Ins. Co., 442 N.W.2d 153 (Minn. 1989) [erasure of data
from magnetic media not physical injury to tangible property;
certain exclusions also apply; the lower court opinion at
430 N.W.2d 483 had held that the CGL policy could be read
as providing coverage for damage to intangible property].
14/ Seagate Technology, Inc. v. St. Paul Fire
& Marine Ins. Co., 11 F.Supp.2d 1150 (N.D. Cal. 1998).
15/ See Centennial Ins. Co. v. Applied Health
Care Systems, Inc., 710 F.2d 1288 (7th Cir. 1983) [duty
to defend is broader than duty to indemnify; allegation
of loss of customer billing and patient care information
"clearly raised the spectre that liability for property
damage may ensue"].
16/ Retail Systems, Inc. v. C.N.A. Insurance,
469 N.W.2d 735 (Minn. 1991) [loss of computer information
and tape was physical injury to tangible property under
CGL policy].
17/ St. Paul Fire & Marine Ins. Co. v. National
Computer Systems, Inc., 490 N.W. 2d 626 (Minn. Ct. App.
1992) [misappropriation of confidential and proprietary
information is not damage to "tangible property"]; Lucker
Manufacturing v. Home Insurance Company, 23 F.3d 808,
818 (3rd Cir. 1994) [harm to engineering plans for unbuilt
offshore oil rig mooring system not physical injury to tangible
property]. See also Schaefer/Karpf Productions v. CNA
Insurance Companies, 64 Cal.App.4th 1306, 76 Cal.Rptr.2d
42 (1998) [copying television program onto pornographic
video stock, which remained visible at end of program was
not harm to tangible property].
18/ See Magnetic Data Inc., supra, n. 13 [noting
that the insured presented experts to testify regarding
the changes in subatomic particles that occur when data
is recorded on magnetic media].
19/ See Vandenberg v. Superior Court, 21 Cal.4th
815, 88 Cal.Rptr.2d 366, 982 P.2d 229 (1999).
20/ See Brookfield Communications Inc. v. West
Coast Entertainment, 987 F.Supp. 337 (D.N.J. 1997).
21/ See Lebas Fashion Imports v. ITT Hartford
Ins. Group, 50 Cal.App.4th 548, 59 Cal. Rptr.2d 36 (1996)
[duty to defend is broader than actual coverage and will
be triggered where the facts alleged indicate the possibility
of coverage].
22/ Bank of the West v. Superior Court, 2
Cal.4th 1254, 10 Cal.Rptr.2d 538, 833 P.2d 545 (1992) [claim
of violation of statutes prohibiting unfair business practices,
which provided for injunctive relief and disgorgement of
money wrongfully obtained but not for damages, was not "advertising
injury"].
23/ Compare Hudson Universal v. Aetna Ins. Co.,
987 F.Supp. 337 (D.N.J. 1997) [unauthorized use of a trademark
constituted infringement of title or slogan under CGL policy]
with Advance Watch Co. v. Kemper National Ins. Co.,
99 F.3d 795 (6th Cir. 1996) [trademark infringement did not
arise in course of advertising].
©2000 Thelen Reid Brown Raysman & Steiner LLP