In her recent publication, Viruses, Trojans and Spyware, Oh My! The Yellow Brick Road to Coverage in the Land of Internet Oz - Part II, Roberta D. Anderson of The National Underwriter Company discussed the duty of insurers to defend their insured against Fair Credit Reporting Act (FCRA) and Telephone Consumer Protection Act (TCPA) claims under commercial general liability (CGL) policies that cover "advertising injuries." Anderson cited recent case law, including Pietras v. Sentry Insurance Co. 2007 WL 715759 (N.D. Ill. Mar. 6, 2007) (construing Illinois law), which construed terms in CGL policies to extend to FCRA claims, holding that publication of private information to a single individual was enough to constitute an advertising injury, thus triggering a duty to defend. Becuase there was an invasion of a right of privacy (personal information access without permissible purpose) and publication (disseminated to at least one person), there was both a violation of FCRA and coverage of the claim under the advertising injury provision.
Anderson also pointed to Zurich American Ins. Co. v. Feldstone Mortgage Co. 2007 WL 3268460 (D. Md. Oct. 26, 2007) (construing Maryland law), where the plaintiff sued the insured under FCRA for improperly accessing his credit information without his authorization and without a permissible purpose (no firm offer of credit). There, the court rejected the insurer's argument that FCRA does not establish a right of privacy and held that "publication" need not be made to a third party to trigger the duty to defend under the CGL policy. It was enough that the insured accessed credit information in violation of FCRA.
She then went on to describe how the "right of privacy" and "publication" elements of an advertising injury are embodied in underlying claims alleging Telephone Consumer Protection Act (TCPA) violations as well. She pointed to a case involving unsolicited fax advertisements. The insurer argued that while there was a publication of some information (ads), that no right of privacy was infringed by the advertisements (no personal information_. However, the court there (Tenth Circuit) held that it was enough that the unwanted faxes infringed on the recipient's right to be left alone. See Park University Enterprises, Inc. v. American Cas. Co. of Reading, PA 442 F.3d 1239 (10th Cir. 2006) (interpreting Kansas law).
The lesson learned in the article is the importance of the role of general liability insurance policies for companies that market to consumers on the web or otherwise. It is also a warning. Insurers may face liability under their CGL policies for failing to defend their insureds against consumer FCRA and TCPA claims. This is because "advertising injury" has been construed broadly to encompass nearly any act of publication of private information which violates either statute.
Source: Andersen, Robert D., Viruses, Trojans and Spyware, Oh My! The Yellow Brick Road to Coverage in the Land of Internet Oz - Part II, The National Underwriter Corporation, 2014. http://www.klgates.com/files/Publication/787006d0-b42d-4994-a51d-20a3e3af52d4/Presentation/PublicationAttachment/8eae73c8-4f47-4c14-a032-0723002f5d9d/Viruses_Trojans_and_Spyware_Oh_My.pdf
