DSW Wins Insurance Battle

The DSW shoe store chain got some good news recently when a federal appeals court ruled that its insurance company is required to cover losses DSW suffered when a hacker breached its computer system and compromised personal information of millions of customers. The case went to the appeals court because the policy was not entirely clear. The policy contained a “computer fraud” rider (why are insurance provisions called “riders”?) that provided coverage for any “[l]oss which the Insured shall sustain resulting directly from … [t]he theft of any Insured property by Computer Fraud … .” But the policy contained an exclusion that provided “coverage does not apply to any loss of proprietary information, Trade Secrets, Confidential Processing Methods, or other confidential information of any kind.” Sounds a little ambiguous, doesn’t it? And that is bad news for the insurance company. There is a rule of law that provides that any contractual ambiguity is interpreted against the party that drafted the contract. It is the legal equivalent of “the tie goes to the runner.” But even if that general rule didn’t do the trick, the Sixth Circuit found that the exclusion — which applied to “trade secrets and confidential processing methods” didn’t cover customer information. According to the court, the “stolen customer information was not plaintiffs’ confidential information, but was obtained from customers in order to receive payment, and did not involve the manner in which the business is operated.” There are a few takeaways from this item . First, insurance companies rarely get a lot of love from the courts. Second, if your business collects personally identifiable information, you probably want to talk to your insurance broker and understand just what protection your business has for a data breach. In DSW’s case, it was a $6.8 million problem. So, it’s worth looking into, agree?