The cyber-insurance world is discussing the ins-and-outs of litigation going on between food manufacturing giant Mondelez International and Zurich over coverage for the ten billion dollar NotPetya cyber attack that crippled several multi-national companies. Zurich has apparently invoked what is colloquially known as the “act of war” exclusion to deny coverage to Modelez under a property policy with cyber elements. Continue Reading
Once again Oregon legislatures are looking at removing the exemption of insurance companies from the Oregon Unfair Trade Practices Act. SB 728 makes violations of Oregon’s Unfair Claims Settlement Practices Act (the “UCSPA”) an unlawful trade practice subject to private rights of action. Currently, the Insurance Division is the only enforcement entity for the consumer protections in the UCSPA, but the Insurance Division does not have the resources to investigate and take corrective action on every instance of insurer misbehavior. Instead, without any real consequences, many carriers routinely fail to honor the claim communication timelines and reasonable settlement obligations under the UCSPA, leaving the impacted insured with little recourse. Continue Reading
Stormwater overflows and similar accidents are a frequent source of damage in Oregon and the Pacific Northwest generally. Insurers often deny coverage for resulting damage under the “surface and flood” waters exclusion. A recent case out of the U.S. District Court of Oregon held that surface and flood water insurance exclusions do not apply to man-made sources. In Veloz v. Foremost Ins. Co. Grand Rapids, Mich. (2018), the court held that surface and flood water exclusions apply to waters from natural—not man-made—sources. Veloz also implied that if the insurer wants to exclude water damage from a burst water main, the insurance policy must specifically state that man-caused waters are excluded.
When two companies agree to work together, they will try to allocate the risk of something going wrong to the company that’s in the best position to prevent that from happening. For example, in the construction industry a general contractor will usually try to push risks from construction defects onto the subcontractors. That risk-transfer usually occurs in two places in the subcontract: 1) in the indemnity language; and 2) in a requirement that the subcontractor makes the general contractor into an “additional insured” on the subcontractor’s liability insurance policy. (A similar scenario happens in a commercial lease: the landlord will want the tenant to provide “additional insured” liability coverage to the landlord.)
In a competitive industry trade secrets can be incredibly valuable. As a result, when trade secrets are stolen, litigation is common. Customer information, supply-chain strategies, marketing plans: all of these have been the subject of lawsuits, typically driven by a high-level executive leaving one company and joining another. Will insurance cover these kinds of trade secrets claims? Maybe—and as a result, every business faced with a trade secrets claim should examine their policies to see whether they could be entitled to at least coverage for their defense costs. Continue Reading
One of the most critical issues in litigation over coverage for long-tail environmental liabilities is the application of the “qualified pollution exclusion” and in particular the carve-out for pollution that is “sudden and accidental.” A new decision from an Oregon federal court tackled this question: Is “sudden and accidental” to be evaluated from the perspective of the policyholder (who may not have done the polluting, but may still be on the hook merely as purchaser of the property) or from the perspective of the polluter/former occupant of the site, who may be long gone? This court held that it is the perspective of the policyholder that counts. This is a significant win to the many companies that may be facing similar disputes with contaminated sites in Oregon in the near future.
Background on the “Qualified Pollution Exclusion.” Throughout history, most general liability policies had no “pollution” exclusion applicable to property damage. In 1973, an exclusion was inserted to the standard-form “CGL” policy that has come to be known as the “qualified pollution exclusion.” In most forms the exclusion reads as follows: Continue Reading
Properly insuring cannabis businesses, and companies that are involved in the industry but that are not themselves regulated under state cannabis law, can be a tricky undertaking. I recently wrote an article for the Oregon State Bar Cannabis Law Section about things to watch out for when advising clients in this space about insurance. (You can find the full article on our website, here, or in pdf form here.)
Key points are the following: 1) the insurance industry is marketing “specialty” policies for cannabis businesses that may exclude the most common risks, particularly regarding products liability; 2) non-regulated businesses involved in the cannabis economy (vendors, commercial landlords) should question whether their “general” insurance policies will respond if there is a loss caused by or involving cannabis products or activities. The insurance industry is increasingly make explicit that “mainstream” coverage does not apply to cannabis risks, and has at times taken an aggressive approach to denying such claims, even where policies are unclear.
The article goes into some detail about the legal issues, so we are not posting it as a blog piece. Happy reading!
The GDPR, the European Union’s Global Data Protection Regulation (GDPR), took effect on May 25. As my colleagues have written, the regulations apply to many US companies that hold data on EU customers, vendors, or employees. Businesses are still scrambling to comply with the regulation, including getting consent from EU contacts to continue to send marketing materials. There are significant questions about how the regulations will be enforced, but one fact is clearly worrisome: under GDPR’s graduated penalty scheme, companies found in violation may be hit with fines of up to the greater of 4% of annual global revenue or 20 million Euros. Fines at that level could destroy many businesses.
Therefore, in addition to taking steps to comply with GDPR, companies should be assessing their insurance program to determine whether their current policies are likely to provide coverage in the event of a GDPR enforcement action or suit. Continue Reading
In a decision with important implications for “long-tail” environmental contamination coverage claims in the Northwest, a federal court in Washington state has held that information from a confidential “allocation” proceeding in a Superfund site does not need to be produced to an insurer for one of the parties. The decision provides comfort to those hoping that this mediation-like process for resolving liability for historical contamination would not impair their insurance rights. If the decision had gone the other way, the allocation ADR proceeding might have ruptured, forcing parties into expensive and lengthy litigation. Continue Reading
Businesses of all sizes are now commonly purchasing “cyber insurance” coverage to protect against financial losses from data security incidents. But these policies—which are not written on standardized forms—can vary widely in what they cover. Here are some common gaps in coverage to watch out for.
Inadequate business income or business interruption coverage.
Many businesses that have had a data-security incident find that the disruption to their business is more harmful than the data that is stolen or otherwise compromised. Coverage is available for business income lost due to an incident, but it is often subject to a sub-limit that may be inadequate, or there may be a waiting period before the coverage will kick in and it may be too late to provide real relief.