Advertisement

Header Utility Menu

  • Subscribe
  • Advertise
  • Contact Us
  • Events

LinkedIn Facebook Twitter Instagram Get Our App

  • Login

Virginia Business

Mobile Menu

  • Issues
  • Industries
    • Banking/Finances
    • Business Law
    • Commercial Real Estate
    • Economic Development
    • Education
    • Energy/Green
    • Federal Contracting
    • Government
    • Healthcare
    • Hotels/Tourism
    • Insurance
    • Ports/Trade
    • Small Business
    • Technology
    • Transportation
  • Regions
    • Central Virginia
    • Eastern Virginia
    • Northern Virginia
    • Roanoke/New River Valley
    • Shenandoah Valley
    • Southern Virginia
    • Southwest Virginia
  • Reports
    • Best Places to Work
    • Business Person of the Year
    • CEO Pay
    • Coronavirus 2020
    • Generous Virginians Project
    • Legal Elite
    • Most Influential Virginians
    • Maritime Guide
    • Site Locator
    • The Big Book
    • Virginia CFO Awards
  • Company News
    • For the Record
    • People
  • Opinion
  • Lists
  • Awards/Events
    • Diversity Leadership Series
    • Vote Now for Women in Leadership
    • Virginia 500
    • Legal Elite
    • CFO Awards
    • Big Book of Lists
    • 100 People To Meet
    • Best Places To Work
  • Virginia 500
    • Read the issue
    • Order a copy
    • Buy an award plaque
    • Nominate execs for 2021

Advertisement

Header Primary Menu

  • virginiabusiness.com
  • Subscribe
  • Advertise
  • About Us
  • Contact Us

Home Opinion Nationwide reboots policyholder’s data loss claim

Nationwide reboots policyholder’s data loss claim

Published January 22, 2013 by Collin Hite

Cyber and data losses continue to raise major concerns among businesses.  Beefing up security procedures and ensuring appropriate cyber insurance is in place should remain a top priority for companies in the first quarter of the new year.  However, no matter how stringent one’s procedures are, the weak link continues to be the human aspect within the process.  Personnel failures in following security procedures can compromise even the best protocols and security systems.  More companies are learning this lesson the hard way and then discovering the gap in insurance coverage for the loss.

The latest example confirming this problem comes out of the United States Court of Appeals for the Seventh Circuit, which includes Illinois.  Nationwide Insurance Co. v. Central Laborers’ Pension Fund, ___ F.3d ___, 2013 WL 135726 (7th Cir., Jan. 11, 2013).  This is an influential appellate court and its decisions can be used to persuade other courts around the country, including Virginia.  Jeanne Hentz was employed at an Illinois accounting firm.  The firm performed auditing work for several pension funds (the “Funds”) as part of its client base.  One day after work Hentz inserted a CD into her laptop with the Funds’ data on it to work from home.  While at home she left the laptop, including the CD, in her car where it was stolen.  The Funds spent almost $200,000 in credit monitoring and insurance expenses to protect themselves from criminal use of the stolen data.  They then sued Hentz in state court to recover these expenses.

Hentz had a homeowner’s policy with Nationwide Insurance.  She tendered the state lawsuit to her insurer to provide a defense and ultimately indemnify her in the case.  Nationwide believed it did not owe coverage, so it filed a federal declaratory judgment action against its policyholder and the Funds to deny coverage.  “Nationwide argued that Hentz’s claim was not covered because the Policy does not cover ‘property damage’ to property rented to, occupied or used by or in the care of the ‘insured.’  Nationwide also relied upon language in the Policy stating that it does not cover ‘property damage’ arising out of or in connection with a ‘business’ conducted from an ‘insured location’ or engaged in by an ‘insured’, whether or not the ‘business’ is owned or operated by an ‘insured’ or employs an ‘insured.’”  The trial court granted Nationwide summary judgment on the first argument and the Funds appealed.

The Court easily agreed with the trial court as to the first argument.  In Illinois the “in care of” exclusion “applies only if two elements are met: the property lost or stolen was (1) within the exclusive possessory control of the insured at the time of the loss; and (2) a necessary element of the work performed by the insured.”  The Court found the fact that the laptop was in Hentz’s automobile made the data within her exclusive control, and that the CD was a necessary part of her work as a CPA.  Courts in Virginia would likely look favorably on this argument.

The appellate court, however, went further than the trial court by also addressing the second reason asserted by Nationwide to deny coverage – the business exclusion.  This exclusion does not cover property damage arising out of or in connection with the operation of a business engaged in by the insured.  Hentz’s employer was clearly engaged in an accounting business and it employed the insured.  The underlying state lawsuit alleged that Hentz, as part of the business, had a duty to safeguard the confidential information of the clients, including the Funds, as part of being an accountant.  The loss of the CD was alleged in the state lawsuit to constitute a breach of that duty.  Thus, the “business exclusion” applied.  This is a classic example of a plaintiff, in this case the Funds in the state lawsuit, pleading an insured out of coverage.  It is important to remember that many states follow the “Eight Corners” rule in analyzing coverage for a lawsuit.  The Court compares the allegations within the four corners of the complaint to the terms within the four corners of the insurance policy; if the allegations in the lawsuit are not covered then the policyholder does not get a defense.  This is true even when the policyholder knows the allegations in the complaint are not factually correct. 

Hentz and the Funds lost the argument for coverage in this instance where a standard homeowner’s policy failed to cover the data loss at issue.  The Court’s opinion notes that the Funds were also pursuing a claim directly against the accounting firm, and the question is: Did that firm possess the correct cyber insurance to cover the loss?  This case not only provides guidance for filling in an important gap in coverage where employees take work home with them, but highlights the weakness in any company’s data protection policies.  Laptop usage, thumb or external drives, personal email accounts and open Wi-Fi usage by employees all compromise the best security procedures.  It is just human nature that employees are going to access your network and data to work in the easiest manner possible.  While it may be impossible to fully secure your data due to human actions, the next best procedure is to ensure your business has the appropriate cyber insurance to backstop the loss.  While the Funds spent $200,000 in this instance, there are many more examples where the cost is much higher.  Some cyber-insurance policies exclude coverage when the lost data was unencrypted.  In short, policyholders are encouraged to review their insurance programs to verify that they possess the appropriate types of coverage to protect against cyber and data losses.

Collin Hite is the practice leader of the Insurance Recovery team in Hirschler Fleischer’s Richmond office. He handles insurance recovery and coverage litigation nationally in the areas of business interruption, cyber/data breaches, construction, business torts, products liability, directors’ and officers’ liability, employee dishonesty, intellectual property, environmental and bad faith matters. For more information, please contact Collin at 804-771-9595 or [email protected].

Related Stories

No related posts.

Trending

Finance/Insurance: STEPHAN Q. CASSADAY

Finance/Insurance: PAUL B. MANNING

Federal Contractors/Technology: JASON PROVIDAKES

Education: ANNE M. KRESS

Artemis I to launch with help from Va. contractors

Sponsored Stories

Why is my Less Than Truckload (LTL) freight pricing going up and my service level going down?  

Beyond Juneteenth – How Capital One is Commemorating and Implementing Change

How We Help Your Business Operate Better

Before the Breach: Get Serious About Cyber Resilience

Professionals are Discovering What it Means to Live Uniquely in the Alleghany Highlands of Virginia

Riverside Logistics Celebrates 25th Anniversary!

Girls for a Change Empowers Black Youth for the Future Workforce

The Jackson Ward Collective is equipping Black-owned small businesses with the tools for success

Advertisement

Advertisement

Trending

Finance/Insurance: STEPHAN Q. CASSADAY

Finance/Insurance: PAUL B. MANNING

Federal Contractors/Technology: JASON PROVIDAKES

Education: ANNE M. KRESS

Artemis I to launch with help from Va. contractors

Sponsored Stories

Why is my Less Than Truckload (LTL) freight pricing going up and my service level going down?  

Beyond Juneteenth – How Capital One is Commemorating and Implementing Change

How We Help Your Business Operate Better

Before the Breach: Get Serious About Cyber Resilience

Professionals are Discovering What it Means to Live Uniquely in the Alleghany Highlands of Virginia

Riverside Logistics Celebrates 25th Anniversary!

Girls for a Change Empowers Black Youth for the Future Workforce

The Jackson Ward Collective is equipping Black-owned small businesses with the tools for success

Get Virginia Business directly on your tablet or in your mailbox!

Subscribe to Virginia Business

Advertisement

Advertisement

Footer Primary Menu

  • virginiabusiness.com
  • Subscribe
  • Advertise
  • About Us
  • Contact Us

Footer Secondary Menu

  • Industries
  • Regions
  • Reports
  • Company News
  • Events

Sign Up For Our Newsletter

Sign Up

LinkedIn Facebook Twitter Instagram Get Our App

Privacy Policy Cookie Policy

Footer Utility Menu

Copyright © 2023 Virginia Business. All rights reserved.

Site Maintained by TechArk