Key takeaways

• Two federal courts recently held that, under commercial general liability (“CGL”) policies, insurance companies did not owe policyholders a duty to defend against consumer suits alleging electronic violations of privacy.
• Although specific to the facts and policies at issue, the decisions highlight the uncertainty in relying on traditional CGL policies for data privacy and breach coverage.
• The emergence of the cyber-insurance market with affirmative coverage for data privacy and breach issues has further complicated matters, along with the addition of exclusions to general liability policies for privacy breaches involving electronic data.
• With the assistance of experienced coverage and privacy counsel, companies should assess their exposure to potential data privacy and cyber breaches, and consider the advisability of a cyber-insurance policy that provides appropriate coverage.