This blog/web site is made available by the host/publisher for educational purposes only as well as to give you general information and a general understanding of the law. It is not intended to provide specific legal advice to your individual circumstances or legal questions. You acknowledge that neither your reading of, nor posting on, this blog site establishes an attorney-client relationship between you and the blog/web site host or the law firm, or any of the attorneys with whom, the host is affiliated. This blog/web site should not be used as a substitute for seeking competent legal advice from a licensed professional attorney in your state. Readers of this information should not act upon any information contained on this website without seeking professional counsel. The transmission of confidential information via Internet email is highly discouraged. Per a June 11, 2007 opinion of Connecticut's Statewide Grievance Committee, legal blogs/websites, such as this one, may be deemed an "advertisement" under applicable rules and regulations of Connecticut, and/or the rules and regulations of other jurisdictions.
The state of Connecticut is in the midst of a wave of litigation concerning insurance coverage for losses from the widespread use of faulty concrete supplied by J.J. Mottes Company to build homes in Tolland County during the 1980s and 90s. The trial courts are starting to issue rulings on some of the cases. In two of them, Metsack v. Liberty Mut. Fire Ins. Co., No. 3:14-CV-01150, 2017 WL 706599 (D. Conn. Feb. 21, 2017) andRoy v. Liberty Mut. Fire Ins. Co., No. 3:13-CV-00435-SRU (Conn. Super. Ct. Feb. 22, 2017), the homeowners’ policies at issue provided coverage in the event of the “collapse” of a home, but failed to define that term. In those cases, the courts held that a collapse occurs when there is a “substantial impairment to the structural integrity of the home,” which is the definition adopted by the Connecticut Supreme Court in 1987 in Beach v. Middlesex Mut. Ins. Co., 205 Conn. 246, 532 (1987). The courts declined to adopt a narrower definition of collapse that would require plaintiffs to show that the damage had rendered the building unfit or unsafe. Cf. Queen Ann Park Homeowners Ass’n v. State Farm Fire and Cas. Co., 352 P.3d 790, 791 (Wash. 2015). In the course of the rulings, the courts also rejected the insurers’ arguments that the loss fell under a policy exclusion for damage done to the home’s “foundation and / or retaining walls,” holding that those terms are ambiguous and do not necessarily include the basement walls at issue.
In the third case, Jemiola v. Hartford Cas. Ins. Co., No. CV-15-6008837-S (Conn. Super. Ct. Mar. 2, 2017), plaintiff had a homeowners’ policy with Hartford Mutual Casualty Company from 1986 to 2014. Prior to 2005, the policy did not define the term “collapse.” The Court held that the common law “substantial impairment” definition applied during that period. The plaintiff’s expert witness testified that although deterioration of the faulty concrete begins immediately upon pouring, a home does not become “substantially impaired” until cracking materializes. The plaintiff first observed cracking in her basement walls in the fall of 2006. Thus, the Court found that she could not create a genuine issue of material fact as to whether her home was “substantially impaired” before the policy was amended in March 2005. Under the new language, the operative language defined collapse as “an abrupt falling down or caving in of a building . . . with the result that the building cannot be occupied for its current intended purpose.” The Court rejected plaintiff’s argument that the term “abrupt” was ambiguous, and granted Hartford Mutual’s motion for summary judgment on the grounds that (1) the damage had occurred over a number of years, rather than suddenly, and (2) the home was not yet uninhabitable.
InGubala v. Time Warner Cable Inc.,846 F. 3d 909 (7th Cir. Jan. 20, 2017), the Seventh Circuit Court of Appeals held that a cable company’s failure to destroy personally identifiable information of former subscribers, without more, is insufficient to establish Article III standing. Plaintiff was a former subscriber to Time Warner’s cable services, who provided personally identifiable information to the company. Eight years after cancelling his service, he inquired and learned that the information was still in the company’s possession. He sought injunctive relief for alleged violation of the Cable Communications Policy Act, which provides for the destruction of personally identifiable information when it is no longer necessary for the purpose collected, and there are no pending requests or court orders for access to the information. The district court dismissed for lack of standing, and the Seventh Circuit affirmed.
Plaintiff did not allege that the information had been misused, sold or given away by the company, nor even allege a fear that it might be. He asserted only that the retention of the information violated a privacy right or entailed a financial loss. The court acknowledged that there was some risk of harm, and the statute gives a cause of action to any person aggrieved by a violation of the destruction provision. But the plaintiff provided neither evidence nor even allegation that he in fact had been so aggrieved -- only that he felt aggrieved. Thus he had not alleged any risk substantial enough to meet the “concreteness” test of Spokeo, Inc. v. Robins, 136 S. Ct. 1540 2016), and the case was properly dismissed.
InIn re: Horizon Healthcare Services, Inc. Data Breach Litigation, 846 F. 3d 625, 2017 WL 242554 (3d Cir. Jan. 20, 2017), the Third Circuit Court of Appeals held that with the passage of the Fair Credit Reporting Act (FCRA), Congress established that the unauthorized dissemination of personal information by a credit reporting agency in and of itself causes an injury sufficient to establish Article III standing. Two laptops containing unencrypted personal information of more than 839,000 Horizon members were stolen. Plaintiffs in a putative class action allege willful and negligent violations of the FCRA. There were no allegations that identities were stolen as a result of the breach. (Although one plaintiff alleged he was the victim of a fraudulent tax return and a denial of credit, the court did not reach his argument.) Defendants moved under Fed. R. Civ. P. 12(b)(1) to dismiss for lack of subject matter jurisdiction, specifically lack of standing.
The court found there was no doubt that plaintiffs met the requirement for standing of a particularized injury, because they alleged the disclosure of their own private information. Thus, the court only addressed the concreteness requirement of the injury-in-fact element of standing. It recognized established authority that the violation of a statute creating legal rights can cause an injury in fact sufficient for standing. The court held that with the passage of the FCRA, Congress established that the mere unauthorized dissemination by a credit reporting company causes an injury, even though the information is truthful and not harmful to anyone’s reputation. It stated that Congress provided for damages for willful violations, which shows that Congress believed that FCRA violations cause concrete harm. That is, Congress “elevated the unauthorized disclosure of [credit] information into a tort.”
The court rejected arguments that Spokeo, Inc. v. Robins, 136 S. Ct.1540 (2016) compelled a different outcome. It concluded that Spokeo did not create a requirement that plaintiffs show that a statutory violation has caused a “material risk of harm” to establish standing.
There are separate issues of whether Horizon is a “consumer reporting agency” subject to the FCRA, and whether the FCRA applies when data is stolen rather than voluntarily furnished. Those are subject to a separate motion under Fed. R. Civ. P. 12 (b)(6), which was not before the court, so no rulings were made on those issues.
InDittman v. UPMC, 2017 PA Super 8 (Jan. 12, 2017), the Pennsylvania Superior Court affirmed the dismissal of claims against an employer resulting from a breach of electronically-stored personal and private information. The University of Pittsburgh Medical Center (UPMC) suffered a data breach exposing information about its 62,000 present and former employees. At least 788 of those employees were subsequently victims of tax fraud. The employees asserted that UPMC breached a legal duty to protect their information, specifically by failing to properly encrypt data, establish adequate firewalls, and implement adequate authentication procedures. In a 2-1 decision, the court held that no such legal duty existed.
The court applied the Pennsylvania test to determine whether a duty exists, which requires consideration of five factors. The first factor is the relationship between the parties. Although the employer-employee relationship has traditionally given rise to duties by employers, and thus weighed in favor of imposing a duty, the court did not view this as controlling. The test goes on weigh two further factors, namely the “social utility of the actor’s conduct” and “the nature of the risk imposed and foreseeability of harm incurred.” The court concluded that while a data breach is generally foreseeable, that possibility does not outweigh the social utility and efficiency of storing information electronically. This balancing weighed against imposing a duty on UPMC. (The court strongly implied that if there had been allegations of specific threats and problems with UPMC’s computer system before the breach occurred, the balancing might have come out differently.) The fourth factor is the consequences of imposing a duty. The court stated there was no need to incentivize companies to protect confidential information, and recognized that companies would be required to incur potentially significant costs to increase security measures even though it is not possible to prevent data breaches altogether. It concluded that this factor weighs in factor of not imposing a duty. The final factor is the public interest in imposing a duty. Here the court accepted the trial court’s view that because the legislature has specifically addressed data breaches, and has required only that notice be provided, the public interest would not be served by “judicial action that disrupts that [legislative] deliberation process.” It also stated that creating a duty would “greatly expend judicial resources.” Thus it found this factor weighs against creating a duty.
In addition, the court held that the economic loss doctrine prevented recovery in tort for solely economic damages unaccompanied by physical injury or property damage. Finally, the court held that there was no implied contract to protect the information, because there were no objective manifestations of intent to enter into such a contract, nor was any consideration paid.
InLifeLock, Inc. v. Certain Underwriters at Lloyd’s, 2017 WL 161045 (N.Y. App. Div. Jan. 17, 2017), the First Department affirmed the dismissal of claims seeking coverage under an Information Security, Privacy Liability, First Party Data Protection and Network Business Interruption Insurance Policy. LifeLock is an identity theft protection company. It was sued in several class actions asserting that, through statements on its website, it had engaged in fraudulent and deceptive practices to induce customers to enter into contracts that did not provide the promised protections. The Retroactive Date Exclusion precluded coverage for “related or continuing acts ... where the first such act … was committed or occurred prior to the Retroactive Date.” The statements first appeared on LifeLock’s website in 2005 and remained after the Retroactive Date of January 8, 2008. Underwriters argued that there was pattern of false and misleading advertising beginning in 2005, so the Exclusion applied. The court agreed. In addition, Underwriters argued that the claims fell within the Exclusion for unfair trade practices. Again, the court agreed.
In Anderson v. Nat’l Union Fire Ins. Co. of Pittsburgh PA, No. SJC-12108, 2017 WL 445244 (Mass. Feb. 2, 2017), the Massachusetts Supreme Judicial Court held that post-judgment interest is not to be included in calculating treble damages awarded against insurance companies that are found to have engaged in unfair and deceptive settlement practices. The Anderson family, plaintiffs in the underlying case, filed a personal injury action after their daughter was struck by a bus owned and operated by Partners, Inc. The court awarded the family nearly $3 million in damages. In a separate action against Partner’s insurers, a second court found that the insurers had violated Massachusetts statutes G. L. c. 176D and G. L. c 93A, which authorize treble damages for willful or knowing misconduct in the course of settlement practices. The court calculated the treble damages by tripling the underlying tort judgment combined with the accrued post-judgment interest.
The Massachusetts Supreme Judicial Court held that the lower court was incorrect in including the trebling of post-judgment interest. The statute authorizes the “actual damages” in the underlying claim to be doubled or trebled if an insurance company engaged in willful or knowing unfair settlement practices. The court considered the difference between pre- and post- judgment interest. It found that pre-judgment interest is an integral component of compensatory damages, and therefore part of plaintiff’s actual damages. Moreover, the statute expressly states that the actual damages to be multiplied by the court are the “amount of the judgment,” which includes pre-judgment interest. In contrast, post-judgment interest is not an element of compensatory damages, and is not referred to in the statute. In reaching its holding, the court rejected the argument that it was necessary to include post-judgment interest in the trebled amount in order to protect plaintiffs against bad faith appeals by insurance companies.
InTravelers Indem. Co. v. Northrop Grumman Corp., No. 15-3117-CV, 2017 WL 391926 (2d Cir. Jan. 27, 2017), the Second Circuit held in a Summary Order that Northrop Grumman Corp. is not entitled to coverage for certain environmental cleanup claims because it provided inadequate and untimely notice to its insurers. Grumman operated a naval aircraft manufacturing and testing facility in Bethpage, New York starting in the 1930s. This and neighboring sites were subject to numerous claims for remediation by governmental authorities. Grumman held primary and excess policies with both Travelers Indemnity Company and Century Indemnity Company.
The Second Circuit affirmed a grant of summary judgment in favor of Travelers and Century. Under New York law, an insured is required to notify the insurer of any loss covered under the policy “as soon as practicable.” Grumman had transmitted the Potentially Responsible Person letter to its insurance broker. The court ruled that this did not give rise to a presumption of receipt by Travelers. It did so even though the broker had forwarded the notice to an incorrect address, which had been provided by Travelers in connection with an unrelated claim. The court found that in the absence of a presumption in favor of or evidence supporting receipt, notice was not adequately provided. As to Century, the court found that notice was inadequate because even though Century was copied on a notice, that notice did not identify any Century policies under which coverage was sought, addressed a different suit at a different site, and was directed to a different insurer with different types of policies.
As to another site, the court held that notice provided seventy-seven (77) days after a state agency asserted Grumman was responsible for remediation of a “newly identified area” was untimely as a matter of law. As to yet other sites, it ruled that notice provided three years after receipt on an intent-to-sue letter was inadequate, and alternatively that waiting to provide notice until forty-seven (47) days after a complaint was filed rendered notice untimely.
The court also concluded that neither insurer had waived its late notice defenses. It found that although Travelers did make certain waivers in a letter captioned “Grumman Facility, Bethpage, NY,” those waivers did not relate to the specific claims at issue. As for Century, the court found it could not waive a defense it did not know existed (by virtue of the notice deficiencies identified above), and that the argument that a late notice defense can be waived by the mere passage of time fails on its merits.
In Town of Monroe v. Discover Prop. & Cas. Ins. Co., No. AC 38332, 169 Conn.App. 644, 2016 Conn. App. LEXIS 443 (Conn. Ap. Ct. Dec. 1, 2016), an intermediate appellate court held that a Public Entity Errors and Omissions Liability Policy provided coverage for the defense and indemnity of an action involving both an alleged breach of contract and negligent misrepresentations arising from the same circumstances as the alleged contract. The underlying action arose from an alleged contract between the town of Monroe and Bellsite Development, LLC (Bellsite) for the development and implementation of a wireless telecommunications tower, which Monroe allegedly abandoned. The complaint alleged three counts: breach of contract; promissory estoppel; and negligent misrepresentation. The trial court found in favor of Bellsite on the first and third counts, and the appellate court reversed to the extent of directing judgment in favor of Bellsite on all three counts. Bellsite then brought a declaratory judgment action seeking coverage. The policy excluded claims for “construction, architectural or engineering contracts or any other procurement contract,” with the customary exception for “liability for damages that the insured would have had in the absence of the contract or agreement.” In finding coverage, the court reasoned that depending on the evidence, a finder of fact could have concluded either that (1) a contract existed and any negligent misrepresentation arose out of it, or (2) whether or not there was a contract, Monroe had made negligent misrepresentations. The complaint as drafted “left open the possibility that the alleged misrepresentation did not arise out of a contract.” As a result, the contract exclusion did not preclude coverage. The court also summarily rejected arguments that the personal profit exclusion barred coverage, and that the underlying action did not seek “covered damages” under the policy.
We have just released our White Paper on Cyber and Privacy Coverage Litigation 2016. It addresses last year’s leading cyber and privacy-related coverage decisions across the U.S. under cyber, crime, and general liability policies. You can read it here.