Will Insurance Cover Stolen Client Data?
It is a fact of life that large amounts of sensitive data are transported and stored electronically on flash drives, CDs and other devices. With mobility comes increased risk of lost or stolen information, along with the associated financial cost. If your clients’ personal data is stolen while under your control, do you have insurance coverage available to alleviate the losses?
A recent Seventh Circuit decision addressed this very situation. In Nationwide Insurance Company v Central Laborers' Pension Fund, et al, (7th U.S. Circuit, No. 12-1784, Jan. 11, 2013), Jeanne Hertz, an employee of an accounting firm in Illinois, had a CD containing the names, birthdates and social security numbers of some 30,000 members of various pension fund clients. The CD was inside Hertz's laptop in her car parked outside of her home when the laptop was stolen. After incurring $200,000 in credit monitoring and notification expenses for its members, the funds brought a negligence action against Hertz. She tendered the defense to her homeowner’s insurer, Nationwide. The insurance company denied the claim and then filed an action for declaratory judgment that the claim was not covered.
Nationwide cited two policy exclusions – first, that the stolen property did not belong to Hertz but was instead “rented to, occupied or used by, or in the care of” Hertz; and second, that the property damage was “arising out of or in connection with a business.” The trial court granted Nationwide's motion for summary judgment and the funds appealed. The appellate court affirmed the lower court's decision on the basis of the first exclusion, finding that the CD was exclusively within Hertz’s control and that it was a necessary part of her work.
>> This case illustrates that it may not be sufficient to rely on a homeowner's policy when it comes to handling sensitive client data. Taking steps to secure data, such as using a password protected device, are well-advised. The Nationwide decision is available here.
