RISK MANAGEMENT
The explosive growth of the Internet has created
a network of coverage concerns
By Donald S. Malecki, CPCU
The Internet is producing many exposures of unknown quantity, causing insurers frequently to introduce exclusions until they can get a better handle on what these exposures may produce.
Given the state of today's insurance market, agents probably aren't giving a lot of thought to new product development and policy changes that currently are taking place. But someday the insurance market will return to normal. Competition will be restored, and underwriters' tolerance for risk-taking will increase. Tight underwriting requirements will loosen, and the needs of insureds will be recognized with more sensible pricing and better protection. Therefore, producers will need to know how business needs are being affected by change--including product development (what little there may be)--so that when the insurance market is restored to better days, they can continue to serve their clientele.
The risks associated with cyberspace, the Internet and whatever term covers the entire field involving computer use and the exposures it creates constitute one of the areas where insureds and insurers alike need to keep abreast of the times. Everything is in a state of flux today. Laws are continually being enacted (such as the Anticybersquatting Consumer Protection Act of 1999) or being updated (such as the Lanham Act of 1946) to address growing cyberspace exposures. What complicates matters is that the Internet is producing many exposures of unknown quantity, causing insurers frequently to introduce exclusions until they can get a better handle on what these exposures may produce. It is no small wonder that the exposures needing insurance are difficult to define specifically.
Currently looming as a future battleground with insurance implications will be the question of who rightfully owns a particular domain name for a Web site. (An example of a domain name is www.roughnotes.com). Because there is no clearinghouse for the selection of these domain names, it is not unusual for one business to encounter another business with a domain name or a Web page address similar enough to cause one or both of the parties to file suit.
One of the questions likely to be raised in these lawsuits is whether the defendant is guilty of a trademark infringement. The plaintiff may ask only that the defendant observe a court-ordered injunction to cease doing whatever it is that is allegedly offending the plaintiff. Sometime during this litigation, the defendant will likely be interested in insurance coverage to cover its legal costs and damages.
Standard ISO commercial general liability policies (there are many editions in use today) do not cover injunctive relief costs in the absence of covered or potentially covered monetary damages. But with the possibility of coverage for monetary damages in some cases, and a potential explosion of lawsuits, ISO is introducing some additional provisions to clarify what is and is not intended to be covered under its CGL forms.
Regarding domain names, a new exclusion has been added with ISO's 2001 forms titled Unauthorized Use of Another's Name or Product. It specifically (and clearly) precludes damages "arising out of the unauthorized use of another's name or product in your e-mail address, domain name or metatag, or any other similar tactics to mislead another's potential customer." 1
Some other related changes that require future exploration and comment are the introduction of another exclusion titled Infringement of Copyright, Patent, Trademark or Trade Secret, and a broadened definition of "advertisement."
Briefly, however, standard CGL forms exclude liability arising out of trademark infringement, other than the infringement of copyright, trade dress (a unique form of intellectual property) or slogan in an advertisement. In the wake of even a greater potential for cases involving trademark infringement via the Internet, ISO is introducing another exclusion to reinforce its intent to exclude trademark infringement, copyright, patent, and trade secrets.
Question is resolved
Another subject related to cyberspace that has long been in dispute is the question of whether computer data is considered to be tangible or intangible property under liability insurance. Fortunately, it has been resolved by the addition of a new ISO endorsement. Readers may appreciate some background information.
The opinion of some (primarily insurers) has been that computer data is not tangible in nature because it is incapable of being touched. However, the offsetting argument (primarily insureds) has been that once the data can be viewed, edited or printed, whether or not onto hard copy, it is considered to be tangible property.
One of the earlier cases on this subject that held for the insurer under a CGL policy but was later reversed is Magnetic Data, Inc., v. St. Paul Fire and Marine Insurance Company, 442 N.W.2d 153 (1989). The computer company (insured) was hired to inspect disk cartridges for defects. While doing so, an employee of the computer company erased all of the information stored on the tapes.
When the computer company sought coverage under its CGL policy, it was denied on the basis that the erased information was not tangible property and, therefore, the erasure could not considered to be "property damage" as defined by the CGL policy. The insurer also denied coverage based on the care, custody or control exclusion.
The lower Minnesota court ruled for coverage. But the higher court ruled against coverage, unfortunately without ever deciding whether computer data was tangible property. In sidestepping the issue, this court stated that if the data were intangible property, it would be outside the tangible property requirement. However, even if it were tangible property, it would then be within the care, custody or control exclusion.
In another case in the same jurisdiction, the court ruled that disappearance and loss of a computer tape containing stored information, while in the possession of the insured, was considered to be physical injury to tangible property. This case is Retail Systems, Inc., v. CNA Insurance Companies, 1991 C.C.H. (Fire and Casualty) 3173.
A number of other disputes have reached the courts over the years. Unfortunately, the majority of these cases dealing with computer data as tangible property addressed the subject from the perspective of a state's ability to tax that data or an individual's right to deduct its value when lost or damaged and, therefore, were of no help to insurance-related issues.
With nothing in sight over this question but more litigation, ISO made the decision to view electronic data as intangible property. With its latest (2001) changes, ISO has amended its CGL forms with the addition of the following wording within the definition of "property damage": 2 "For purposes of this insurance, electronic data is not tangible property. As used in this definition, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMS, tapes, drive cells, data processing devices or any other media which are used with electronically controlled equipment."
With the computer data officially excluded by the latest edition of CGL forms, ISO also is in the process of offering what is referred to as Electronic Data Liability Endorsement, CG 04 37, with a February 2002 edition date. The rationale for this form is to provide coverage for liability arising out of the loss or corruption of computerized or electronically stored data or software. But what must first result is an occurrence that causes physical injury to tangible property.
This endorsement includes the above defined term "electronic data" and adds a third definition to the term "property damage," as follows:3
Loss of "electronic data"
Loss of "electronic data" means loss of, loss of use of, damage to, corruption of, inability to access, or inability to properly manipulate such data, resulting from physical injury to tangible property. All such loss of "electronic data" shall be deemed to occur at the time of the "occurrence" that caused it. For purposes of this insurance, "electronic data" is not tangible property.
The endorsement requires an additional premium charge and is subject to sub-limit; the range at this time is not known. One must keep in mind that for coverage to apply, there must be an occurrence, physical injury to tangible property, and none of the CGL form's exclusions applicable, such as Damage to Property exclusion (j).
Using the Magnetic Data case as an example, this new endorsement would be of no added value because, apart from the accidental erasure of data, there was no physical injury to tangible property. Examples of where this coverage might be applicable need to be pondered carefully and, of course, practical examples will likely be required to sell this coverage.
A certain hazard confronts producers when they sell a coverage and their clients accuse them of selling something worthless. This creates a dilemma because they also can be blamed for not offering the coverage. Much will depend on the limits offered by insurers and, particularly, cost. However, at the time of loss, insureds do not ask what insurance costs, but when their claim will be paid.
If a contractor's installation of roofing material leaks prematurely and causes water damage to a building's interior and computer hardware, which in turn causes accidental erasure of data, coverage would appear to apply. If, through a tenant's negligence, fire damages a multi-occupancy building and the computer system of other tenants is damaged, coverage also would appear to be applicable.
Other exposures
Producers need to keep in mind that any insureds holding computer software belonging to others and faced with the exposure of accidental loss or damage should investigate the need for some specialized data processing coverage, including errors and omissions coverage.
In fact, both errors and omissions and professional liability-type coverages relating to cyberspace will become increasingly necessary in light of ISO's introduction of two additional exclusions. One is titled Exclusion - Internet Service Providers and Internet Access Providers Errors and Omissions, CG 22 98. The other is Professional Liability Exclusion - Web-Site Designers. *
1 Copyright, ISO Properties, Inc., 2000, with its permission.
2 Copyright, ISO Properties, Inc., 2001, with its permission.
3 Copyright, ISO Properties, Inc., 2001, with its permission.
The author
Donald S. Malecki, CPCU, is chairman and CEO of Donald S. Malecki & Associates, Inc. He is a committee member of the International Insurance Section of the Society of CPCU, on the Examination Committee of the American Institute for CPCU, and an active member of the Society of Risk Management Consultants.