Data Breach, Covered.
July 25, 2021The relevant policy language in a data-breach coverage dispute provided insurance for:
In Landry’s, Inc. v. Ins. Co. of the State of Penn., the Fifth Circuit found that this language created coverage, observing, inter alia:
- “Publication”: “[C]overage is triggered by a ‘publication, in any manner.’ It follows that the Policy intended to use every definition of the word ‘publication’—even the very broadest ones. And some of the dictionary definitions of ‘publication’ are quite broad.”
- Scope: “[T]he Policy does not simply extend to violations of privacy rights; the Policy instead extends to all injuries that arise out of such violations. … [I]t’s undisputed that a person has a ‘right of privacy’ in his or her credit-card data.” (emphasis in original).
- Injury: “[E]veryone agrees that the facts alleged in the Paymentech complaint constitute an injury arising from the violation of customers’ privacy rights, as those terms are commonly understood. It does not matter that Paymentech’s legal theories sound in contract rather than tort. Nor does it matter that Paymentech (rather than individual customers) sued Landry’s. Paymentech’s alleged injuries arise from the violations of customers’ rights to keep their credit-card data private.”