Most people won’t be aware of the quiet legal battle taking place in a federal courthouse in Omaha, but it might have a significant impact on how all American data companies defend themselves for the next ten years. In the growing privacy class action against the corporation, Hartford, the insurer, is telling a judge that it owes Data Axle nothing. not protection. Not even a defense. The argument is worth considering because it is more intelligent than the typical insurance shrug.
Quaid v. Data Axle, the underlying case, is unique in a minor but significant sense. The plaintiffs are not unhappy clients. These individuals claim they have never used Data Axle at all; their names and identities are purportedly scraped, bundled, and displayed in “free trial” pitches that Data Axle provided to potential customers of their lead-generation products. Their main complaint is that, without ever registering, we were used as sample inventory in someone else’s sales demonstration. The legal system is still unsure on how to handle this new type of privacy injury.
Hartford’s claim is based on the original wording of commercial general liability policies. The world of slip-and-falls, faulty goods, and the sporadic slander lawsuit was the focus of CGL coverage. Plaintiffs in situations like these frequently attempt to fit their claims into the “advertising injury” clause, which typically covers things like utilizing someone else’s likeness in your own marketing or stealing a competitor’s slogan. The intriguing element is that Hartford claims that Data Axle wasn’t using these personas to promote the company. They were being used to assist its potential customers with self-promotion. Although it’s a minor distinction, coverage law gives it significant weight.
Additionally, there is the issue of intent. CGL plans typically cover “occurrences,” which are unanticipated results of conducting business and have been defined by the industry for decades as accidents. It is intentional to gather personal information and include it in a sales presentation. It’s the item. In essence, Hartford is telling the court that Data Axle should have purchased a cyber policy rather than depending on a general liability backup if it needed insurance for that behavior. It’s unclear if the judge agrees, but the reasoning makes sense.
The case becomes particularly acute when it comes to the privacy-statute exclusions. Over the past few years, both Illinois’s BIPA and California’s CCPA have emerged as silent titans in plaintiff-side litigation, and insurers have responded by incorporating more explicit carve-outs into their policies. Hartford is heavily relying on those exemptions. The gradual but distinct separation of legacy liability coverage from the more recent and complicated realm of data and privacy risk would be strengthened if the court concurs, a tendency that has been gaining traction for some time.
If you squint, you may nearly see a larger image here. Over the past ten years, the insurance industry has witnessed an explosion in the quantity and complexity of cyber and privacy litigation, and they have been subtly redefining what they will and won’t cover. Businesses that thought their outdated CGL insurance would cover everything are beginning to realize they were mistaken, frequently in the midst of a litigation. Coverage attorneys I’ve spoken to over the years seem to believe that this kind of lawsuit was unavoidable. The only thing that needed to be decided was which insurer would make the first move and how far they would go.
Expect the rest of the industry to follow in a matter of months if Hartford prevails in Nebraska. Expect a flood of policy changes by the end of the year if Data Axle prevails. In any case, the days of employing a general liability policy as a catch-all for exposure to digital privacy are most likely coming to an end. There just isn’t a press release at the end of it. One federal district court decision at a time, it’s coming to an end.
