Risk Management--Electronic data exclusion

By Donald S. Malecki, CPCU

Sixteen exclusions and counting. This is how many built-in exclusions will apply to the standard ISO Commercial General Liability policy beginning in December 2004 in most jurisdictions. When the 1986 CGL policy provisions were introduced, there were 14 built-in exclusions. Twelve years later, the 15th exclusion was added with the 1998 revisions.

At that time, the drafters thought an exclusion was necessary in relation to Coverage A to preclude coverage for bodily injury arising out of personal and advertising injury.

The reason for this change was that under Coverage B the term "personal and advertising injury" was newly defined as including consequential bodily injury. Therefore, drafters thought it was necessary to exclude consequential injury under Coverage A to the extent that consequential injury might result from a personal and advertising injury offense.

Thus, if a third party were to suffer bodily injury, i.e., physical bodily harm relating to some covered personal injury offense, the consequential bodily injury would be subject to Coverage B. If, on the other hand, the bodily injury was unrelated to a personal injury offense, Coverage A should apply. Without this change, an argument could be made for triggering both Coverages A and B.

The latest exclusion

The latest exclusion is titled (p) "Electronic Data" and precludes coverage for "damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate 'electronic data.'"1 The term "electronic data" in this new exclusion is used in a way that is identical to the way it is used in the defined term "Property Damage."

This Electronic Data exclusion is not considered to be new with the 2004 revisions. It is merely added to make clear what was intended when the term "electronic data" was newly defined and introduced with the 2001 revisions.

The drafters undoubtedly thought they could exclude these types of losses dealing with electronic data simply by making clear that "property damage" as defined does not encompass losses dealing with electronic data. From this standpoint, at least, the drafters made this intent clear.

Thus, since the term property damage means (1) physical injury to tangible property, including all resulting use of that [tangible] property, or (2) loss of use of tangible property not physically injured, and "electronic data," as defined, is not considered to be tangible property, then electronic data would not appear to fall into either of the "property damage" categories.

The problem is that the definitions of property damage and electronic data are not exclusions. Certainly terms can be defined to expand or limit the extent to which coverage may apply. But the courts frown on attempts by insurers to exclude coverage by means other than an exclusion. After all, an exclusion--which is one of the four elements determining the scope of coverage--in custom and practice is the way to take away coverage.

While some insurers may have been successful in persuading the courts to rule against coverage based on how a term is defined and in the absence of an exclusion, it is not a foolproof way to do so. In fact, it is a tough-sell approach.

Impact of exclusion

The full impact of this exclusion (p), dealing with electronic data, is not fully known, but it appears that the insurers intend a clean-sweep with far-reaching implications. The reason is that any damage sustained by a third party that affects loss dealing with electronic data would appear to be excluded, despite the fact that the CGL policy insuring agreement states that the insurer will pay damages because of property damage; that is, all consequential damages flowing from property damage are considered to be covered.

With new exclusion (p), however, all consequential damages flowing from property damage are covered except for damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.

This exclusion is not limited to any one profession or business activity. What is difficult to identify, however, is the nature of the business activity that might give rise to electronic data damage. Admittedly, this exclusion may be more pronounced for contractors, particularly those that do landscaping or excavation work.

It is not too difficult to visualize, for example, the impact of a contractor's severing of a fiber optic line while landscaping or excavating. All monetary loss flowing as consequence of such an event and involving electronic data would be excluded. It would not matter whether the explosion, collapse or underground (X, C or U hazards) were covered or not.

Suppose a rigger is hoisting a large vault for installation into a building when the cable snaps and the vault drops through the roof and several floors severing and disrupting the electronic data system housed in the building. The good news is that the CGL policy will cover damage to the building, the rigging policy will cover damage to the vault, but no coverage would apply for the consequential loss flowing from disruption of the electronic data.

Another example: Movers of heavy equipment lose control and the equipment crashes through a wall and sets off the sprinkler system, damaging a business's computer system. Any loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data is not likely to be covered here either.

If, on the other hand, an operator of a delivery van loses control and strikes a building setting off a chain of events that ultimately lead to loss of use or damage to a business's computer system, coverage should apply for all such damages. The reason is that this electronic data exclusion is limited to the CGL coverage provisions and does not affect the business auto, truckers and motor carrier coverage parts.

Partial solution

Even though the drafters of this exclusion probably do not know what impact this exposure may have in terms of the dollar damages that could result from the loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data, some insurers have offered businesses the opportunity to purchase some coverage against this exposure.

This was made possible when ISO introduced a special Electronic Data Liability endorsement in 2002. This endorsement is being revised effective December 2004 to make clear that the coverage applies hereunder when damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data are the result of physical injury to tangible property. It is uncertain whether there are situations where such loss dealing with electronic data could arise from loss of use of tangible property not physically injured. If there are, note that no coverage would apply under this endorsement, since coverage applies only when there has been physical injury to tangible property.

It also is important to note that this Electronic Data Liability coverage is subject to a sub-limit that could be considerably less than an actual damages event. On the other hand, some people may view this limited coverage, available for extra premium, as being better than nothing.

What is next?

For a while, it appeared as though the next exclusion that insurers might have added to their CGL policies would have been to address the cases dealing with invasions being made by unsolicited facsimiles. A number of courts have held that coverage applies for damages sustained by innocent recipients of unsolicited facsimiles.

Perhaps insurers believe that the Telephone Consumer Protection Act (TCPA) of 1991, 47 U.S.C., Sec. 227 will curb these offenses. Under this act, persons may bring an action to recover actual monetary loss or receive $500 in damages for each such violation, whichever is greater.

One of the latest cases dealing with unsolicited facsimiles is Universal Underwriters Insurance Co. v. Lou Fusz Automotive Network, Inc., et al., 300 F.Supp. 888 (U.S.D.C. D. Mo. 2004) where two auto dealers were sued for allegedly sending unsolicited advertisement faxes in violation of TCPA. The suits were brought as class actions and sought not only injunctive relief, but also the full amount of statutory damages.

The insurer of these two dealers accepted the defense of these suits under a reservation of rights and then filed a declaratory judgment action asking the court if it had a duty to defend and indemnify. The insurer also claimed that the allegations were not covered for two reasons. First, it claimed that the TCPA statutory damages were civil penalties which, under the policies in question, were not covered. Second, the insurer claimed that the transmission of unauthorized facsimiles was an intentional act and therefore not an occurrence.2

The car dealers argued that the TCPA allegations triggered coverage under their policies in four ways: (1) under personal injury liability coverage because the unsolicited faxes invaded the right of privacy of the recipients; (2) by presenting a private nuisance under the policy; (3) by invading the right of those who received the faxes to their possession of personal property; and (4) by damaging or causing loss to tangible property, i.e., the paper and ink cartridge.

To make a long story short, the court ruled that the activities of the auto dealers were not considered to be intentional acts, and that the acts were potentially within the invasion of privacy and private nuisance provisions. The insurer therefore had the duty to provide defense.

Because learning about the implications of TCPA and kindred laws takes time, perhaps insurers are taking a wait-and-see attitude dealing with these facsimile infractions. It does seem as though the number of daily unsolicited facsimiles has subsided somewhat. Perhaps the violators are turning their attention to the more lucrative opportunities of unsolicited commercial e-mail, more conveniently termed spam. Whatever the case may be, more exclusions are inevitable.

How many more will be added over time? No one knows for sure. Much will depend on the nature and outcome of future litigation and whether insurers will want to admit that the policy provisions are intended to encompass the coverage in question. If not, there may be another exclusion with or without the possibility of buying back the coverage.

1Copyright, ISO Properties, Inc. 2003.

2Many insurance company claims people and producers are under the mistaken assumption that an intentional act is not an occurrence. Close reading of the policy will reveal, however, that what is excluded is an intentional injury, not an intentional act. In addition, this defense has no application when dealing with "personal and advertising injury" coverage. *

The author

Donald S. Malecki, CPCU, is chairman and CEO of Donald S. Malecki & Associates, Inc. He is an active member of the CPCU Society, serves on the Examination Committee of the American Institute for CPCU, and is an active member of the Society of Risk Management Consultants.