This entry is part 9 of 10 in the series IRONSHORE
TechDefender

Tech E&O, Network Security, Internet Media, and MPL Insurance Policy

Insuring Agreement I.J. TECHNOLOGY AND INTERNET
LIABILITY COVERAGE
Remember: This Blog is organized around insuring agreements, definitions, and exclusions. Conditions, etc., may be remarked upon briefly, but they often resemble not only so-called “Real World” policies and those found in other currently existing so-called  “Policies for the Virtual World.” It also ignores policy limits, retention matters, notice requirements, time intervals for coverage, etc., important as all these are. As usual, the discussion of everything in this blog is
Be sure to read the “Concluding Remarks,” Even if you don’t read all–even much–of the rest of the blog.
*****************************************************************************
Insuring Agreement
Once the temporal and procedural components are ignored, the substance of the insuring agreement looks pretty much like this:The Insurer will pay on the Insureds behalf all Loss. . .that the Insured is legally obligated to pay as Damages as the direct result of any covered Claim alleging a Technological Wrongful Act, except to the extent the Claim “would be covered under Insuring Agreements B and C[.]”  [B is NETWORK SECURITY LIABILITY COVERAGE;  C is PRIVACY LIABILITY COVERAGE, and both have been discussed in earlier blogs regarding this policy.]It is worth keeping in mind that actionable defects in the rendering of “professional services” are often called “errors and omissions” policies, although both an error and an omission are not required–one of them will do just fine.  They are also often called various types of “malpractice.”  (A generation ago, or so, the phrase “errors and omissions” applied to errors of accountants. Those separate usages are gone.)
New Definitions
All, or virtually all, of the starting definitions to be found in the insuring agreements (and in the exclusions, for that matter) depend upon other definitions. A rests on B; B rests on C; and so forth. The key definition of a substantively significant matter is the particular type of wrongful act. Going over the definitions will take some time.

The starting definition with which this coverage analysis starts is a buried definition, namely, Technological Services.  Obviously, the nature of (or the character of) a “wrongful act” depends on that activity with respect to which there has been a wrongful act. This definition is complex; it takes up nearly half a page.

One thing about the idea of Technological Services is that it includes many services that are regarded as “professional services” on some policies in the so-called “real world.”  These are policies that are not ordinary policies, e.g., for life, home and similar buildings, individual vehicle (including boats and the like), etc.  They are not ordinary business policies that cover a slew of ordinary activities.  Instead, they are policies that cover specialized and “high class” activities, usually by persons and their companies. Only their professional activities are covered, and in many cases the “wrongful act” is negligence. Here are some examples: physicians, lawyers, accountants, psychologists, brokers, some financiers, and so forth. The Technological Services definition covers some professional services, in this sense, but others as well.  (Then again, perhaps in cyber lingo and its system of concepts lots of activities are called professional the analogs of which in the so-called “real world” would not be counted as such.  This may be quite reasonable since it is a very complex “world.”)

Here are some of them:
(1) analysis, design, [and much else] of Computer Systems
(2) “database design,” (including the warehousing, storage, or recording or analysis of data, etc.)  [MSQ: surely including “cloud” activities],”
(3) other related services:
(a)  consulting, etc. of “technological information,” plus manufacture, repair, etc.,
(b) licensing computer software,
(c) website design, and the provision of various sorts of services, etc.,
(d) design, etc., of chat rooms, etc.,
(e) “e-commerce transaction services,” etc., &
(f) “electronic data destruction services.”

The meaning of the phrase Technological Wrongful Act is much simpler;  it “means any or alleged actual act, unintentional error alleged act, omission neglect or breach of duty by an Insured or Service Provider to others for a fee, including the Insured’s intentional breach of contract to render services to others, or the failure of the Insured’s Technological Products to perform the function intended.”

The idea behind Technological Products is easy to grasp.  So is the idea of Service Provider, except that it is a hireling of the Insured and does its work. (Of course, both of these summaries of definitions are just that, rough summaries.)

A too limited (and somewhat speculative) summary is this: The kind of wrongful act covered has to do with fouling up work in connection with an insured’s technological work (or those of its service provider) they directly harm some computer stuff belonging to someone else and found in the so-called “cyber world” damages to the company to which the cyber material. However, I.J.provide coverage to that portion of this policy “covered under insuring agreements I.B and I.C.” [The emphasis is mine]

The “and” in this exclusion or limit built into the insuring agreement requires that an event and consequence of that event be covered under both I.B and I.C in order to be outside J-coverage.
The coverage provided in I.B is injuries and then losses inflicted upon the network security of another by means of a covered wrongful act. (See Part See III.)  Being covered by I.B but not I.C doesn’t entail any coverage under I.J.  Insuring agreement I.C covers injuries and losses caused to the privacy (or privacies) of others.  (See Part IV)  .C alone does not take an injury and its losses out of I.J.  It must be conjoined to I.B.

My guess is that actionable invasions of privacy on the net can occur without the destruction of or injury to network security.  I.J is really about fouling up the rendition of cyber services.  Obviously, inflicting damages upon a network is the same as a failure to render satisfactory services.  Not will the latter be likely to invade someone’s privacy.  So why separate them off so sharply? Simplifying adjustment? Unlikely: the adjustment process with remain the same.  Premium allocation?  A little more likely, perhaps, since reinsurance would be priced differently without this “exclusion.” Neither of these seems likely, however, so I am mystified.

Originally posted on 10/10/2013 @ 10:03 pm

Series Navigation

<< An Ironshore Cyber Policy–Part IX: I.H: Business Interruption Income Loss–Part IXIronshore Cyber Insurance Policy >>

Michael Sean Quinn, PhD, JD, CPCU, Etc

Michael Sean Quinn, PhD, JD, CPCU, Etc. (530)

One of Texas's leading insurance scholars, Michael Sean Quinn is a past chair of the Insurance Section of the State Bar of Texas and has a broad legal practice.

Hits: 0