January 1, 2003
Insuring E-Commerce Exposures
INSURING COMMERCE EXPOSURES: OLD POLICIES FOR NEW RISKS AND NEW POLICIES FOR NEW RISKS
R. Scott Brearley
January 2003
INSURING E-COMMERCE EXPOSURES: OLD POLICIES FOR NEW RISKS AND NEW POLICIES FOR NEW RISKS
Emerging technologies have been called “the single biggest insurance risk of the 21st century”. Computers and related technology are increasingly found at the centre of everyday commercial and personal life. The increased reliance on technology creates an increased vulnerability to technology-related perils. Underwriters could not have intended heretofore unknown risks to be covered by traditional policies of insurance but, as those perils manifest, insurers will be faced with an increased volume of claims and concerted legal efforts to expand the coverage afforded by those policies of insurance. At the confluence of business and law, insurers face the risk of judicially expanded grants of coverage, covering multiplying sources of liability without the benefit of additional premium. This is the resulting imperative: identify the new risks and understand the need for a new breed of policy.
The purpose of this paper is to examine the extent to which coverages developed prior to the advent of modern e-commerce are being forced to respond to new and emerging liabilities. In addition, an examination will be undertaken of the insurance industry’s efforts to address these new exposures with specifically designed policies underwritten with adequate premium to justify the emerging risks.
I. THE RISKS
The significance of the risks created by new technologies is readily apparent. For example, the increasing use of fiber optic cable in the telecommunications industry raises the prospect of costly business interruption claims and attendant remediation costs. The total cost of initially laying this cable can reach $1 million (US) per mile. A single strand in the dozens that comprise one cable can carry tens of thousands of phone calls at a time. Industry sources estimate that, by 2002, a single strand will be capable of carrying five million calls at one time. A cable severed during excavation or other construction work will inevitably result in significant damages and disputes over the concomitant issue of liability.
The chief problem for underwriters is the presence of ambiguity in existing policies of insurance. Did underwriters intend for existing policies of insurance to cover newly emerging risks created by newly emerging technology? Did, for example, the underwriters at ING Western Union intend for the advertising injury endorsement in their general liability policy to cover a political party’s efforts to advocate a specific political agenda? Intention notwithstanding, the British Columbia Court of Appeal found coverage, as Courts often will when policy wordings are ambiguous:
From this discussion, it must be apparent that the words of the policy are not easily applied to some of the factual circumstances, including those before us. While it might be possible to develop a primitive guideline for structuring a decision about advertising injury coverage, given the inherent ambiguities of the terms, it would be better were the insurer to develop a meaning for the words “advertising” and “advertising activities” to accord with the risks it is prepared to cover. Otherwise, the Courts will continue to apply a broad common sense idea of what constitutes advertising and an advertising activity on the particular facts of each case. In practice, a common sense approach and the rules for interpreting policies are likely to favor coverage, at least so far as the duty to defend is concerned, wherever the provision is ambiguous in its application to the alleged facts.
As e-commerce perils augment the current demands placed on existing policies, resulting claims will include more than the usual demands for coverage and the costs of defending a third party action. Computer hardware, software, and data are just as vulnerable to fires and floods as more conventional forms of property, but the threats to such technological property are greater in number still. Static electricity, power failures, and surges all pose a risk to the integrity of a computer system. “On-line” threats, such as hackers or viruses, similarly threaten the integrity of every computer system. Successful attacks necessitate costly remediations, and the installation of filtration systems and “firewalls” or anti-viral programs to prevent future attacks. With hackers and businesses continually trying to get the better of the other, the associated costs just continue to escalate.
The costs of remediation and prevention will couple with business interruption claims to create claims of ever increasing magnitude. Equipment damaged by an on-line threat will likely be presented to an insurer as a first party claim under a policy of commercial property insurance. Hacker attacks and computer viruses can shut down a website, causing a loss of revenue. Expenses continue to increase when an insured is required to operate a website through an alternate Internet Service Provider, advertise to counteract negative publicity, or absorb the cost of restoring lost data. An insured’s failure to install a proper anti-virus program will inevitably ground a third party claim for damages; business partners can be adversely affected – even shut down or denied service – by viruses spread through ignorance or inattention to on-line threats.
II. THE CURRENT PROBLEM
Regardless of an underwriter’s intention, some existing policies have the potential to cover present and emerging e-commerce risks. Standard property insurance, inland marine insurance, and commercial property insurance all fall into this category. The “all-risk” nature of commercial property insurance lends itself to e-commerce coverage disputes as the burden will fall on the insurer to show that a claim falls within the ambit of a (narrowly construed) exclusion from coverage and not within a (broadly interpreted) grant of coverage.
A. COMMERCIAL PROPERTY POLICIES
Although their language differs, these policies typically provide coverage for “physical loss or damage to covered property”. There are 3 inquiries necessary to establish a first party claim for repair or replacement to an insured’s property:
1. Does damaged software, hardware or data constitute “damaged property”?
2. If so, is there “physical loss or damage”?
3. Did the loss or damage occur during the policy period so as to trigger coverage?
A typical policy of commercial property insurance defines insured property as follows:
the interests of the Insured in all real and personal property owned, used or intended for use by the Insured, or hereafter erected, installed or acquired.
This definition of “property” is to be contrasted with the approach taken in other policies of commercial property insurance. An insuring agreement will often read as follows:
In the event that any of the property insured be lost or damaged by the perils insured against, the Insurer will indemnify the Insured against the direct loss so caused to an amount not exceeding whichever is the least of:
a) the actual cash value of the insured in the property;
b) the interest of the insured in the property;
c) the amount of the insurance specified on the “Declarations Page” in respect of the property lost or damaged.
Provided, however, that where the insurance applies to the property of more than one person of interest, the Insurer’s total liability for loss sustained by all such persons and interests shall be limited in the aggregate to the amount or amounts of insurance specified of the “Declarations Page”.
The policy insures the following Property but only those items for which an amount of insurance is specified on the “Declarations Page”:
1. Building
2. Equipment
3. Stock
4. All Property
5. Contents means “equipment” and “stock”.
Building means the building(s) described on the “Declarations Page” and includes:
i) fixed structures pertaining to the building(s) and located on the “premises”;
ii) additions and extensions communicating and in contact with the building(s);
iii) permanent fittings and fixtures attached to and forming part of the building(s);
iv) materials, equipment and supplies on the premises for maintenance of, and normal repairs and minor alterations to the “building” or for building services;
v) growing plants, trees, shrubs or flowers inside the “building” used for decorative purposes when the Insured is the owner of the “building”.
Equipment means:
(i) generally all contents usual to the Insured’s business including furniture, furnishings, fittings, fixtures, machinery, tools, utensils and appliances other than “buildings” or “stock” as herein defined;
(ii) similar property belonging to others which the Insured is under obligation to keep insured or for which he is legally liable;
(iii) tenant’s improvements which are defined as building improvements, alterations and betterments made at the expense of the Insured to a “building” occupied by the Insured and which are not otherwise insured, provided the Insured is not the owner of such “building”. If the Insured purchased the use interest in tenant’s improvements made by a predecessor tenant, this form applies as though such tenant’s improvements had been made at the expense of the Insured.
“Stock” means:
(i) merchandise of every description usual to the Insured’s business;
(ii) packing, wrapping and advertising materials; and
(iii) similar property belonging to others which the Insured is under obligation to keep insured or for which he is legally liable.
“All Property” means Buildings, Equipment and Stock
“Contents” means “Equipment” and “Stock”
1. Is it “Property”?
An insurer may be inclined to argue that software and stored data do not constitute “property”, although American cases have upheld coverage for damage to software and data. For example, in Retail Systems, Inc. v. CAN Insurance Co., the Minnesota Court of Appeals concluded that computer tape and the data contained thereon were tangible property. The data on the tape was of permanent value and integrated completely with the physical property of the tape. During the course of its reasoning, the Court considered and rejected another line of cases opining that computer tapes were intangible property, for tax purposes. While that storage medium had little value for tax purposes, its value was significantly greater when used for the storage of valuable data and subsequently lost. The Court agreed that coverage existed under either the general liability section of the policy or the section governing “loss of property”.
In Centennial Insurance Co. v. Applied Health Care, the Court concluded that an insurer was obligated to defend its policyholder seeking coverage for damage to a third party’s computer processing system caused by the insured’s product. The Court rejected the argument that any injury suffered by the customer was not property damage within the meaning of the policy. The insured alleged that the insured’s defective controllers caused a loss of information stored in the data processing system. In the Court’s view, this “clearly raised the spectre that liability for property damage may ensue”.
In American Guarantee & Liability Insurance Co. v. Ingram Micro, Inc., the Court relied on a definition of “damage” from criminal statutes to conclude that a power outage caused “direct physical loss or damage” to an insured’s computer system. The computer data was lost and required replacement. The relevance of the definitions contained in various penal codes was, in the Court’s view, significant:
Lawmakers around the country have determined that when a computer’s data is unavailable, there is damage; when a computer’s services are interrupted, there is damage; and when a computer’s software or network is altered, there is damage. Restricting the Policy’s language to that proposed by American would be archaic.
Again, in United States v. Riggs, the Court concluded that the act of transmitting a computer text file qualified as theft of a good, ware or merchandise.
American Courts have reasoned that software and data are tangible “property” in the context of copyright disputes. In Stern Electronics, Inc. v. Kaufman, the Court concluded that both a written program and the sights and sounds of the display were property subject to copyright. All portions of the program, once stored in memory, are fixed in a tangible medium within the meaning of the state Copyright Act.
These precedents support an insured’s argument that software, hardware, or data are tangible property. It follows then that the damaged or corrupted systems and data are “insured property” and, absent an express policy exclusion, these damages should be covered by first party all-risk policies.
2. The Requirement of “Physical Damage”
First Party all-risk policies will typically cover “all risk of physical loss of, or damage to the insured property as well as the interruption of business” except as excluded. Insurers may be tempted to deny coverage on the basis that computer software or electronic data have not suffered actual “physical” damage. Arguably, a virus or an attack by a “hacker” do not physically destroy a computer and therefore there is no physical loss. Such an argument is likely to fail.
E-commerce perils can result in actual physical damage. Viruses invade a computer’s storage medium and then corrupt data also contained in that medium, typically a hard disc drive. A hacker attack may delete, damage or destroy data. It is therefore likely that an insured will be able to identify tangible physical damage, either in the form of a hard drive depleted of its stored data or unable to function properly as a result of the invasion.
In Wal-Mart Stores, Incorporated v. City of Mobile, the Court, reversing an earlier decision of its own, confronted the question as to whether or not computer software constituted intangible personal property. The Defendant City was prohibited from collecting gross tax receipts on such property. In its earlier decision, the Court reasoned that a buyer of software sought information as opposed to the medium on which the information was conveyed. Therefore, computer software was intangible. The Wal-Mart Court disagreed with its earlier ruling:
The software itself, i.e., the physical copy, is not merely a right or an idea to be comprehended by the understanding. The purchaser of the computer software neither desires nor receives mere knowledge, but rather receives a certain arrangement of matter that will make his or her computer perform a desired function. This arrangement of matter, physically recorded on some tangible medium, constitutes a corporeal body.
This decision is further support for an insured’s contention that computer software is tangible property covered by a policy of property and commercial liability insurance.
The wording of all-risk policies may not even require “physical damage”; some form of damage may be sufficient. The policy wording is disjunctive, requiring either physical loss or damage to insured property. Damage may not necessarily have to be physical to trigger coverage, as was held in Aluminum Co. of America v. Accident & Casualty Insurance Co. Furthermore, rules of construction governing judicial interpretations of insurance contracts and other contracts of adhesion dictate that ambiguous language be resolved in favour of coverage.
3. Loss of Use
Yet, other Courts have applied a “loss of use” analysis. In American Guarantee & Liability Insurance Co. v. Ingram Micro, Inc., the Court reasoned that the loss of use and function of a computer fell within coverage for “physical damage”. The Court had to answer the question of whether the temporary loss of power resulting in the loss of computer data constituted “physical injury”. The insured, Ingram, distributed microcomputer products wholesale. A world wide computer network was used to track customers, products, and daily transactions. All of its customer orders were tracked through its integrated system. The success of its business operations therefore depended on a functioning network. American Guarantee issued a property insurance policy which insured against “all risks of direct physical loss or damage from any cause, howsoever or wheresoever occurring”.
Ingram’s data centre experienced a power outage on December 22, 1998. All of the electronic equipment, including the computers and telephones, failed and Ingram experienced a loss of all of the programming information stored in temporary memory. The lost information had to be reloaded in order to restore operations. The data centre was operational within hours but, in the interim, business could not be conducted.
Ingram made a claim to cover its losses. American denied the claim and sought a declaratory judgment against Ingram. Ingram filed a counterclaim for breach of contract. The argument advanced by the insurer was that the computer system had not been physically damaged since the power outage did not affect the system’s inherent operational ability. Ingram argued that physical damage included loss of use and functionality. The Court agreed with the insured’s view and stated:
At a time when computer technology dominates our professional as well as personal lives, the Court must side with Ingram’s broader definition of “physical damage.” The Court finds that “physical damage” is not restricted to the physical destruction or harm of computer circuitry but includes loss of access, loss of use and loss of functionality. In this case, Ingram does allege property damage – that as a result of the power outage, Ingram’s computer system and worldwide computer network physically lost the programming information and custom configurations necessary for them to function. Ingram’s mainframes were “physically damaged” for one and one half hours. It wasn’t until Ingram employees manually reloaded the lost programming information that the mainframes were “repaired.” Impulse was “physically damaged” for eight hours. Ingram employees “repaired” Impulse by physically bypassing a malfunctioning matrix switch. Until this restore work was conducted, Ingram’s mainframes and Impulse were inoperable.
In the context of American case law, this result is perhaps not too surprising given similar results in other cases. In asbestos products cases, Courts have concluded that an insured required to remove asbestos from a structure, notwithstanding a lack of physical damage to the structure itself, has endured direct physical loss. The building’s function may be seriously impaired, destroyed or rendered useless by the presence of contamination. This impairment has been enough to find direct, physical loss to property under an all-risk policy of insurance.
The Ingram Court is not necessarily the final word in the U.S.; others Courts have opined that a computer failure does not amount to business interruption under a policy of commercial property coverage. In Home Indemnity v. Hyplains Beef, Hyplains operated a beef packing plant and cattle feed lot. A computer network was installed to collect electronic data and create inventory records of beef. The network did not function properly but did continue to operate at a less efficient rate. Several attempts to fix the problem were unsuccessful and Hyplains made the decision to submit a claim for its lost business income to its insurer.
Their policy of commercial property insurance contained a provision for the loss of business income arising from the suspension of business operations. The language of the contract required that the suspension be caused by the direct physical loss of or damage to property. The insurer sought a ruling that the policy did not cover a “slowdown” of operations caused by a computer’s inefficiency.
The insurer was successful. Decreased efficiency and production did not, in the Court’s view, amount to a suspension of operations. Hyplains had evidence of actual lost business income but the requisite trigger of coverage – a complete cessation of business – was not present.
The two cases, Ingram and Hyplains, differ in respect of one significant fact. In Ingram, the computer had shut down completely. In Hyplains, the computer equipment continued to function, albeit inefficiently. The question remaining to be answered is this: How long must the computer system be inoperable for coverage to be found for a claim for business interruption? A growing number of companies transact on-line. Booksellers, auctioneers and a litany of other businesses can be adversely effected by even a relatively “short” amount of downtime. To be sure, Canadian Courts will face concerted efforts to afford coverage to an insured despite only having experienced a “slowdown” in business. Therefore, where a website crashes or is frozen by a hacker attack, the question of whether an all-risk first party policy will be available to indemnify for repair costs and business interruption losses is an open question in Canadian law. However, as will been seen, the answer may be clearer where the damages result from the incorporation of a defective product into a working whole.
Assuming coverage is found, policy valuation provisions may be implicated. Damaged hardware, software, or data may fall under the valuation language contained in all-risk policy language concerning loss arising from the destruction of valuable papers and records. Recovery may consist of the value of the blank record plus the cost of replacement.
4. Sue and Labour Clauses
“Sue and labour” clauses may provide coverage for the costs to remediate e commerce risks. The “sue and labour” clause is intended to protect an insurer by imposing on an insured an obligation to take whatever steps may be reasonably necessary to minimize or prevent further damage to insured property. The insured is responsible for protecting the insured property which has already been exposed to a covered risk on the basis that whatever costs are incurred in an effort to reduce the extent of the loss will be borne by the insurer.
A typical “sue and labour” clause contained in a commercial all-risks policy reads as follows:
The insured, in the event of any loss or damage to any property insured under the contract, shall take all reasonable steps to prevent further damage to any such property so damaged and to prevent damage to other property insured hereunder including, if necessary, its removal to prevent damage or further damage thereto.
The responsibility of the insurer is stipulated in the following terms:
The insurer shall contribute pro rata towards any reasonable and proper expense in connection with steps taken by the insured and required under the preceding paragraph of this condition according to the respective interests of the parties.
Alternative wordings for a sue and labour clause in non-marine policies can include:
In the case of loss or damage, it shall be lawful and necessary for the insured, their factors, servants and assigns to sue, labour and travel for, in and about the defence, safeguard and recovery of any property insured hereunder without prejudice to this insurance; to the charges whereof underwriters will contribute according to the rate and quantity of the sum herein insured. No acts of underwriters or the insured in recovering, saving or preserving the property shall be considered as a waiver or acceptance of abandonment;
or:
It is the duty of the insured in the event that any property insured hereunder is lost to take all reasonable steps in and about the recovery of such property. The insurer shall contribute pro rata towards any reasonable and proper expenses in connection with the foregoing according to the respective interests of the parties.
The “typical sue and labour clause” cited above is identical to Statutory Condition #9, which states:
(1) The insured, in the event of any loss or damage to any property insured under the contract, shall take all reasonable steps to prevent further damage to any such property so damaged and to prevent damage to other property insured hereunder including, if necessary, its removal to prevent damage or further damage thereto.
(2) The insurer shall contribute pro rata steps towards any reasonable and proper expenses in connection with steps taken by the insured and requited under subparagraph (1) of this connection according to the respective interests of the parties.
This wording, by its very terms, imposes some limitations. First, it is to be noted that by using the words “in the event of any loss or damage” a mere threat of potential harm is not sufficient. Viewed in that light, there is a decided economic advantage if the insured fails to exercise reasonable care in averting an e-commerce related loss.
Secondly, expenses incurred under the “sue and labour” clause are only recoverable if they have been incurred for the purpose of averting or diminishing a loss covered by the policy: see Weissberg v. Lamb.
Insurers provide for the recovery of “sue and labour” expenses to encourage the exercise of reasonable diligence in the avoidance of further loss. As was stated by the Supreme Court of Canada in Hartford Fire Insurance Co. v. Benson & Hedges (Canada) Ltd.:
In interpreting these provisions, it is important to remember that the true rationale is to benefit insurers. The provisions impose obligations on persons insured to take steps to prevent loss for which the insurer would be liable if such loss occurred.
The application of a sue and labour clause in a toxic contamination case is illustrated by Office Garages Ltd. v. Phoenix Insurance Co. The insured in this case was covered by a fire policy which applied to its commercial gas bar and service station. The covered premises were valued at $900,000 and insured for $813,000. A fire occurred which caused $8,000 worth of damage to the insured building. It was determined that the source of the fire was an explosion, the originating cause of which had been seepage of gasoline into the subsoil of the property.
The insured expended a total of $45,000 following professional advice that the risk of explosion in the future could only be avoided by removal of the soil that had been polluted with gasoline. After deducting a certain amount for the consequential improvement in the value of its property, the insured claimed for the costs of investigating the cause and removing the source of danger that could have caused further damage. The insured sued its insurer for approximately $27,000, representing the net amount expended in order to safeguard its property against further covered losses. The case was decided in favour of the insured. The Court ruled that the expenditure was reasonable in the circumstances because of the proportion that the amount claimed bore in relation to the total value of the building:
There was a duty on the plaintiffs under the insuring contract to protect the property from further damage and they are entitled to recover any reasonable expense incurred in performing this duty.
The building was valued by the plaintiff at $900,000 and I assess its value in this amount. It was insured by the defendants for $813,000. In deciding whether the amount spent to prevent further damage to the property was a reasonable amount, I must take into consideration the value of the property. An expenditure of $26,775.96 does not seem unreasonable to prevent further loss to a building valued at $900,000.
The plaintiffs are entitled to recover the damages as assessed from the defendants, such damages to be pro-rated between them in accordance with their coverage.
Assuming these limitations are overcome and coverage exists, a “sue and labour” clause could be relied on by an insured in support of a claim for compensation for any expenses incurred by them in preventing e-commerce related losses. It is quite conceivable that the costs of upgrading anti-viral software, for example, would be an allowable expense within the terms of a “sue and labour” clause. This is a factor or possibility which cannot be overlooked by a prudent insurer when formulating a sue and labour clause.
In American law, the prevailing view is that for an insured’s expense to be covered it must satisfy a 2 part test: 1) the proximate cause test; and 2) the reasonable insured test. First, the expenditure must be incurred to avoid a covered loss. Second, the attempt to avoid a future loss must also be reasonable. If both arms of this overlapping test are satisfied, the insurer is generally obligated to reimburse its insured. Sue and labour clauses provide a separate type of coverage from that provided in the main coverage agreement. Courts have held that these clauses apply to efforts taken solely to prevent covered losses, allowing an insured to recover even though no actual loss or damage has occurred.
Applied to e-commerce risks, an insured may argue that the costs of avoiding damage caused by hacker attacks or viruses serve to protect covered property and are therefore recoverable. A number of U.S. corporations, including GTE, Unisys, Nike, Xerox, ITT and the Port of Seattle, have sued their property insurers for a declaration that the costs of Y2K remediations are properly indemnified under the sue and labour provisions of their policies.
All-risk policies are triggered by a loss occurring during the policy period. It is not clear how a Court would apply existing trigger-of-coverage theories in the context of a sue and labour claim for computer remediation costs. The relevant time period is arguably the one in which the insured installed or purchased the offending software, but could also properly be the time when the insured actually incurred the costs of remediation.
III. AN INSURER’S DEFENCES
Is resistance futile? A number of Courts have held that there is no coverage for costs incurred to prevent uncovered losses. Therefore, an insurer is left to argue that the targeted loss is uncovered or excluded from coverage, for example, by arguing that the loss does not relate to “covered property” or does not arise from a “physical” loss. Additionally, late notice or other bars to recovery may be employed. In Canada, any reliance on late notice as a defense must be tempered by the reality of judicial relief from forfeiture.
A. THE DESIGN DEFECT EXCLUSION
The “design defect” exclusion may bar recovery but it is questionable whether it is a “design defect” for a computer program to be vulnerable to e-commerce risks; any form of property is vulnerable to any number of risks, including risks created by new technology. The pace of technology’s change virtually ensures that even the most advanced system or program will soon be vulnerable to a new or improved virus. Even if such a defect exists, any failure to correct the defect may cause harm to other covered property. The design defect language itself may restore coverage for “loss or damage resulting from such defective design”. As always, any ambiguity in language will be resolved in favor of coverage.
1. The Trend in the Cases
The potential impact of the “faulty design” exclusion stems in large measure from the 1968 decision of the Australian High Court in Queensland Government Railways and Electric Power Transmission Pty Ltd. v. Manufacturers’ Mutual Insurance, Ltd. Flooding had caused the collapse of three concrete piers erected in a river bed as support for the construction of a bridge. In arbitration it had been determined that the insured was entitled to recover notwithstanding an exclusion for “faulty design”. The arbitration panel concluded that the culpability of the designer did not amount to negligence and that, at the time of its creation, the design reflected “state of the art” technology. Only as a result of record flood levels did the piers collapse.
In overruling the arbitration decision, the High Court indicated that even absent “negligence”, as that term is understood in tort law, indemnity was not available. In the Court’s view “faulty design” embraced conduct less culpable than negligence. The Court stated:
[T]he loss which occurred did arise from faulty design. Let it be accepted, as the arbitrator found, that the piers, as designed, failed to withstand the water force to which they were subjected because they were designed in accordance with engineering knowledge and practice which was deficient, rather than because the designer failed to take advantage of such professional knowledge as there was, nevertheless the loss was due to “faulty design” and the arbitrator has done no more than explain how it happened that the design was faulty. We think it was an error to confine faulty design to the personal failure or non-compliance with standards which would be expected of designing engineers on the part of the designing engineers responsible for the piers. To design something that will not work simply because at the time of its designing insufficient is known about the problems involved and their solution to achieve a successful outcome is a common enough instance of faulty design. The distinction which is relevant is that between “faulty”, i.e., defective design and design free from defect. We have not found sufficient ground for reading the exclusion in this policy as not covering loss from faulty design when, as here, the piers fell because their design was defective although, according to the finding, not negligently so. The exclusion is not against loss from “negligent designing”, it is against loss from “faulty design”, and the latter is more comprehensive than the former. (emphasis added)
This is a direct result of the use of the word “faulty”. In the Court’s view that term, in the context of an insurance policy, did not mean “negligence”. The Court considered “fault” as the term applies to people:
In ordinary English today the word “fault” is used in senses which are all indicative of the basic concept, a falling short, a shortcoming. When used in relation to a person,. a fault is a falling short in conduct or behaviour or some act or omission which whether wilful or negligent, predicates blame. In this sense the word has a wide meaning when used of a person.
and then as it applies to things:
We are concerned with the word “faulty” as descriptive of an inanimate thing. The words “fault” and “faulty” then have a different sense. They, again according to their derivation, connote a falling short; but not falling short in conduct or behaviour. They designate an objective quality of a thing. It is not up to a required standard.
“Faulty” design is not the same test as “negligent” design. In other words, the Court went on to indicate:
Doubtless a faulty design can be the product of fault on the part of the designer. But a man may use skill and care, he may do all that in the circumstances could reasonably be expected of him, and yet produce something which is faulty because it will not answer the purpose for which it was intended. His product may be faulty although he be free of blame.
The philosophy which underlies this Australian decision was adopted with enthusiasm by judges in Canada. In Pentagon Construction (1969) Co. Ltd. v. United States Fidelity and Guaranty Company, again a case in which the loss was excluded on the basis of the design exclusion, the architect had failed to stipulate on the plans or specifications that the steel beams had to be welded over the top of the tank prior to any testing. Had that step been undertaken the tank walls would not have burst upon being filled with water. The Court concluded that the loss fell within the design exclusion notwithstanding that the factor which actually triggered the loss was the failure of the sub-contractor’s employees to properly undertake the test procedures. In the Court’s view the exclusion was not limited to the design itself, but extended as well to the manifestations of the design concept, including the procedures required to implement the design.
Relying upon dictionary definitions of the term, the British Columbia Court of Appeal concluded that “design” was a broad term which included not only “structural” calculations, shape, and location of materials, but also the choice of particular work processes. The Court stated:
…In my opinion “faulty or improper design” … must have reference to “design” as contemplated by the construction contract, in the sense of including all the details covered by the drawings and specifications which that contract required to be followed. I do not think the word “design” can properly be limited to some concept in the designer’s head to the exclusion of the recording of that concept through the drawings and specifications.
When both Queensland Government Railways & Electric Power Transmission Pty Ltd., supra, and the decision in Pentagon Construction, supra, are considered, it is clear that the design exclusion is being given a wide ambit. In the context of e-commerce, the risk to an insured is the insurer’s argument that a loss is attributable to design, of software, for example, and therefore excluded by the terms of the policy.
1. Limitations on the Doctrine in Pentagon Construction
The Courts have seen fit to place limitations on the approach taken in Pentagon Construction, supra. Procedures on the work site that are not called for in the plans or specifications, and which are not part of customary practice, do not fall within the “faulty design” exclusion. However, this is cold comfort for an insured met by the insurer’s alternative argument that the failing nonetheless fits within the “improper workmanship” exclusion.
This problem is best illustrated by the decision in Bird Construction Co. v. Allstate Insurance Co. of Canada, which is discussed later in this paper. In Bird Construction, the claim arose when a truss fell from a building. This resulted from improper erection procedures used by the sub-contractor. The insurer argued that since the plans and specifications contemplated a completed building all steps necessary to achieve that objective fell within the ambit of the “plans and specifications”, including procedures for erecting the roof trusses. The insured led expert evidence to demonstrate that the procedure in issue was not part of the plans and was not required to be in the plans; instead, it was a matter to be left to the installer. Not being part of the “design process”, the exclusion did not apply. Similarly, in the context of e-commerce, an insured will attempt to show that a loss is not attributable to design but rather to the faulty work of the computer system’s installer.
B. INHERENT VICE EXCLUSION
The “inherent vice” exclusion may be invoked to help avoid coverage but this provision has been interpreted narrowly. In Standard Structural Steel Inc. Co. v. Bethlehem Steel Corp., the Court explained that the inherent vice exclusion applies to losses from natural decay, ordinary wear and tear and, inevitable depreciation. Such is likely not the cause of an e-commerce related loss.
“Inherent vice” generally involves internal decomposition or some quality which brings about an object’s own damage or destruction. One of the few Canadian cases to consider the term in the context of an all-risk policy was Brown Fraser and Company Limited v. Indemnity Marine Assurance Company, a decision of the British Columbia Court of Appeal.
The collapse of a boom crane was found to be attributable to the failure of the insured’s employees to install certain steel pins. The Court rejected the application of the “inherent vice” exclusion, indicating that it entailed “that which is necessarily incidental to the property rather than occasioned by an adventitious cause. The negligence of the insured’s employees constituted an “adventitious cause” sufficient to oust the operation of the exclusion.
More illustrative of the scope of the exclusion is the American case of State Farm Fire & Casualty Co. v. Volding. The insured incurred a loss from rain water having entered the pores of bricks in a chimney. The bricks cracked and ultimately separated from one another. The evidence at trial indicated that the bricks were porous and not suitable for use on an exterior wall or when exposed to the elements. That failing was characterized as “inherent vice” and indemnity was refused.
The “inherent vice” exclusion simply restates the need to demonstrate that a loss arose from an “external cause”. If the property contains the seeds of its own loss then the loss cannot be treated as the result of an external cause. To the extent that a policy expressly requires proof of an external cause (e.g. “… all risks of direct physical loss or damage … from any external cause except as hereinafter provided”), the exclusion is superfluous.
C. BUSINESS INTERRUPTION
Business interruption coverage generally insures against business losses resulting from a suspension in business operations. This kind of coverage should be available for insureds that suffer an interruption of business as a result of e-commerce related perils; see American Guarantee v. Ingram, supra.
The U.S. district Court for the Southern District of New York in Datatab Inc. v. St. Paul Fire and Marine Insurance Co. held that an all-risk policy covered a suspension in business activity due to the lost use of the insured computer system. A water main break damaged several water pumps, shutting down the air-conditioning system. The computers and data processing system had to be shut down as a result. The policy provided coverage for “loss resulting directly from necessary interruption of business as a direct result of all risk of physical loss or damage from any cause to “property” that included the insured’s data processing system. A clause in the policy extended coverage to “include actual loss as covered hereunder when as a direct result of a peril insured against the premises in which the property is located is so damaged as to prevent access to such property.”
The insurer took the position that there was no physical damage to the fifth and sixth floors of the premises. As there was no impairment to accessing the data processing system, the contingency triggering coverage was not present. The Court found for the insured, reasoning that the word “premises” referred to the entire building and that “access” contemplated using the equipment normally. As usual, ambiguity on the wording of the policy was resolved in favour of the insured.
The extent of the “interruption” may be relevant. As discussed above, some Courts have held that business interruption coverage is not available where a covered risk merely causes business to diminish, as opposed to completely suspend. In Hyplains, supra, the Court held that the malfunction of computer equipment that resulted in delays, not a suspension, was not covered. The Court reasoned that the policy required a necessary suspension of operations. The insured was able to show that its operations had slowed and become less efficient. Lacking a “suspension”, as required by the wording of the policy, coverage was denied.
Other decisions are at odds with the Hyplains Court. Other policy provisions allow an insurer to reduce the amount of the loss to the extent that the insured can resume operations, in whole or in part, by using damaged or undamaged property at the insured location or elsewhere. The Court in American Medical Imaging Corp. v. St. Paul Fire and Marine Insurance Co. concluded that with such a clause, the requirement for a complete cessation or suspension created an inconsistency. An insured would not be motivated to mitigate by continuing operations at a reduced level. This policy imposed an affirmative obligation on an insured to mitigate losses. For the insurer’s position to be correct, by performing the duty, an insured would have to forfeit the right to recovery under the policy. The insurer’s duty to indemnify was instead read consistently with the insured’s duty to mitigate.
In Omega Inn Ltd. v. Continental Insurance Co., the Plaintiff operated a restaurant which was destroyed by fire. The Defendant, Continental, insured the Plaintiff for fire loss. Included in the coverage was a business interruption loss rider. Payment was not made until approximately 7 months after the fire as the insurer was conducting an investigation to determine whether the fire resulted from arson. Once paid, the plaintiff began reconstruction in July of 1996, 7 months post loss, and was substantially completed by the end of October. The trial judge awarded the Plaintiff 10 months in business interruption. The insurer argued that four months was the appropriate measure of this damage.
It is the contention of the appellant that the measure of recovery in the event of loss under the provision shall not exceed such length of time as would be required with the exercise of due diligence and dispatch to rebuild the damaged premises and it is on that basis that it is contended that four months is the appropriate award.
The Court of Appeal agreed and concluded that the consequences of an insured’s impecuniosity should not be visited upon the insurer.
In my opinion the impecuniosity of the plaintiff cannot be laid at the door of the insurer because it failed to pay more promptly. Its obligation and the full extent of its obligation with respect to the business loss interruption coverage under the Policy, was to pay for such length of time as would be required with the exercise of due diligence and dispatch to rebuild.
Extra expense coverage provides funding to continue operations without interruption, as opposed to the income replacement provided by business interruption coverage. Typical coverage for this kind of expense indemnifies for costs incurred to replace or restore lost information on damaged records. Coverage should therefore be afforded to replace or restore software or electronic data.
D. THE DOCTRINE OF FORTUITY AND LATE NOTICE PROVISIONS
Additional coverage defenses available to the insurer include the fortuity defense and late notice provisions. The first is an implied exclusion in all risk policies; only fortuitous losses are insurable. Insurance is not provided for certainties. The loss is fortuitous, and covered, if the insured did not know of the inevitability of the loss at the time of forming the contract of insurance. Insurers may argue that insureds are aware of the risk of viruses and hackers. Clearly, insureds are at least as aware of more everyday perils yet coverage for them is routinely found. Courts find a loss to be fortuitous so long as an insured was subjectively unaware that a loss was certain to occur when the policy issued; that is, unless the insured knew when and where a loss would strike at the time the insurance was purchased. Some measure of knowledge of the risk will not by itself bar recovery.
All Risk insurance constitutes a promise to pay only upon the fortuitous happening of loss or damage from any cause. It might therefore appear that All Risk policies do not require the exclusions discussed above which exclude coverage for an inevitable or virtually inevitable loss. Nonetheless, it is in fact very important, from the insurer’s point of view, that these exclusions be specifically included in policies. These would include the exclusions for wear and tear, inherent vice and latent defects. This is so because, in the last decade, the courts have moved to define the requirement of “fortuity” in a manner which strongly favours the position of the insured.
This shift has occurred because the test for fortuity is a subjective one. If the insured was actually not aware of the defect or vice inherent in the insured property, or if the damage was actually unanticipated or unforeseen, the loss was fortuitous from the standpoint of the insured and therefore within All Risk coverage.
This is best illustrated by the decision in Compagnie des Bauxites de Guinea v. Insurance Co. of North America. On a preliminary motion the Court held that an unknown design defect did satisfy the fortuity requirement. In considering the element of fortuity, one does not, with the benefit of hindsight, ask whether the loss would inevitably have arisen. Instead the issue is whether, based upon what the insured actually knew and appreciated prior to the loss, the loss would have seemed inevitable. This approach, based upon the insured’s actual knowledge at the time the policy was entered into, is clearly articulated in a later decision, Standard Structural Steel Co. v. Bethlehem Steel Corp. There the Court stated:
A fortuitous event is one which occurs accidentally, as a layman, and not as a technician or scientist would understand the term. It is an event which happens by chance … unexpectedly or without known cause, one which is unplanned. An event which is certain to take place or is inevitable cannot be fortuitous, but a court must exercise restraint in its determination of whether an event was inevitable. It must also gauge inevitability by standing in the shoe of the parties at the time the contract of insurance was made.
The impact of this approach is obvious: the insured can more readily satisfy the requirement of fortuity. Conversely, an insurer cannot be confident of avoiding coverage for an apparently inevitable loss unless the policy contains specific exclusions clearly intended to meet the contingency of the loss. In terms of policy interpretation the Canadian Courts can probably be expected to use this approach to favour insureds on coverage disputes. From an evidentiary standpoint the insured need only prove that a loss occurred within the policy period. The insurer will have the burden of establishing both nonfortuity and the requirements of any applicable exclusion (British & Foreign Marine Insurance Company v. Gaunt, Farry Excavating and Grading Ltd. v. Hartford Fire Insurance Co. and Glassner v. Detroit Fire and Marine Insurance Company).
The language of all-risk policies requires an insured to report losses as soon as practicable. The failure to provide timely notice can be the basis of a denial of coverage. The notice provision may not apply if the insured is seeking coverage under the sue and labour provisions of a policy. If this constitutes a separate insuring agreement, the insured may not be subject to the notice provisions. Some sue and labour provisions expressly provide for the insurer to give prompt notice. If such a provision is absent, notice prior to sue and labour efforts is arguably unnecessary.
Policies other than commercial property policies may provide coverage for the insured aggrieved by e-commerce related risks. General commercial liability policies (CGL’s), errors and omissions policies (E&O) and directors and officers policies (D&O) all have the potential to ground a claim related to e-commerce perils.
IV. CGL POLICIES
CGL policies cover amounts an insured becomes legally obligated to pay to a third party for personal injury or property damage. The terms of CGL coverage typically provide coverage where there is physical injury to tangible property and where there is loss of use of tangible property that has not sustained actual physical loss. There is a question as to whether electronically stored data is “tangible” property. However, software and electronic data have been determined to be tangible property and should therefore be covered absent an express exclusion.
Liability for internet advertising activity and intellectual property disputes may find coverage in CGL policies. Potential claims include libel, slander, defamation, violation of privacy rights, misappropriation of advertising ideas or style of doing business and copyright infringement cases. The question arises as to whether a policyholder’s activity constitutes “advertising” within the meaning of the policy; see Reform Party of Canada v. Western Union, supra.
Disputes over “domain names” or website addresses are a potential source of e-commerce liability. A domain name will identify a product, service or organization.
Often business will employ their trademarks as part of their domain name in an effort to ease the search for its website. Once a domain name is chosen, it is registered with Network Solutions but no effort is made by this company to determine whether the chosen name is properly taken by the registrant. For example, Panavision owned the trademarks “Panavision” and “Panaflex” and logically wanted to register its domain name as “Panavision.com”. Clearly, this domain name is a benefit to the company as it is the most likely to be employed by someone searching the world wide web for it. However, that name had already been registered to the owner of a website displaying photographs of the City of Pana, Illinois. Panavision alleged that the owners use of the domain name “Panavision.com” infringed upon its trademark. The website owner responded:
If your attorney has advised you otherwise, he is trying to screw you. He wants to blaze new trails in the legal frontier at your expense. Why do you want to fund your attorneys purchase of a new boat (or whatever) when you can facilitate the acquisition of “Panavision.com” cheaply and simply instead?
This same owner registered the name “panaflex.com”, a site simply offering the word “hello”. The matter proceeded to trial where the impugned website owner admitted to registering over 100 marks, including domain names for Delta Airlines, Neiman Marcus, Eddie Bauer and Lufthansa. Panavision’s motion for summary judgment was granted at trial and affirmed on appeal.
Coverage under a CGL for advertising injury liability coverage requires that a covered offense be committed in the course of “advertisement”. The 1998 ISO CGL defines advertisement to comprise “a notice that is broadcast or published to the general public or specific market segments about your goods, products or services for the purpose of attracting customers or supporters”. This definition will serve to clarify what can otherwise be a vague or ambiguous term.
The advertising injury endorsement at issue in Grayson v. Wellington Insurance Co. is typical of the wording used in Canada:
“Advertising Injury” means injury arising out of an offense committed during the policy period occurring in the course of the Named Insured’s advertising activities, if such injury arises out of libel, slander, defamation, violation of right of privacy, piracy, unfair competition, or infringement of copyright, title or slogan.
This wording is contrasted with another policy:
Advertising Injury means injury caused by any of the following offences that result from the advertising of your products or work:
1. libel or slander;
2. written or spoken material made public which belittles the products or work of others;
3. written or spoken material made public which violates an individual’s right of privacy;
4. unauthorized taking of advertising ideas or style of doing business; or
5. infringement of copyright, title or slogan.
The analytical approach to coverage comprises 7 steps:
1. There must be conduct falling within one of the covered offenses;
2. the offense must be committed during the policy period;
3. the offense must be committed in the coverage territory;
4. the offense must be committed in the course of the named insured’s advertising activities (or “advertisement” – the language varies);
5. the claim must seek damages resulting from advertising injury;
6. no exclusions must apply; and
7. all pre-conditions to coverage must have been satisfied.
The injury itself need not occur during the policy period. It is sufficient that the insured’s conduct which constitutes the offense falls within the term of the policy.
Earlier CGL wordings do not define the term “advertising”. Early judicial consideration of the term required “widespread distribution of the material to the public at large”. Other definitions have been more expansive: “any activity designed to bring a seller’s goods or services to the attention of a potential buyer, whether the method used by the seller is public or somewhat private, including one on one oral representations”.
Canadian Courts have had some opportunity to consider the advertising injury provisions of a CGL. In Reform Party of Canada v. Western Union Insurance Co., the insured sought a declaration that its insurer had a duty to defend an action for defamation. The Court had to consider whether posting material on the internet constituted “advertising, publishing, broadcasting or telecasting activities” within the meaning of the policy. The Reform party maintained various websites on the internet. Its main website included topics concerning senate reform. In July 1998, Senator Edward Lawson sued Reform, alleging its Senate Reform Website was defamatory and sought relief, including an injunction, punitive and aggravated damages, damages for defamation and special costs.
A CGL was in full force at the relevant time. Western Union denied coverage on the basis that the allegations did not fall within coverage for “personal injury” or “advertising injury”. The definition of “personal injury” did not provide coverage for “publications or utterances in the course of or related to advertising, publishing, broad-casting or telecasting activities”. Further, the insurer took the position that the allegations did not fall within coverage for “advertising injury”. The definition of “advertising injury” affords coverage for injuries occurring “in the course of the Named Insured’s advertising activities”. Western Union took the position that the posting of allegedly defamatory material concerning Senator Lawson did not occur in the course of an “advertising activity” and therefore fell outside of coverage. The relevant grant of coverage provided as follows:
COVERAGE B – PERSONAL INJURY AND ADVERTISING INJURY LIABILITY
To pay on behalf of the Insured all sums which the Insured shall become legally obligated to pay as compensatory damages because of personal injury or advertising injury.
The exclusions in Section IV provided that the insurance did not apply to:
…
(5) personal injury or advertising injury arising out of libel or slander or the publication or utterance of defamatory or disparaging material concerning any person or organization or goods, products or services, or in violation of an individual’s right of privacy, made by or at the direction of the insured with knowledge of the falsity thereof;
(8) with respect to advertising injury (a) to any Insured in the business of advertising, broadcasting, publishing or telecasting, or (b) to any injury arising out of any act committed by the Insured with actual malice;
(9) with respect to advertising injury, to any claim or suit arising out of comparative advertising by or on behalf of the Insured;
“Personal Injury” means the injury sustained by any person or organization and arising out of one or more of the following offences committed during the policy period in the conduct of the Named Insured’s business designated in the Declaration(s) Pages(s):
(b) the publication or utterance of a libel or slander or of other defamatory or disparaging material or a publication or utterance in violation of an individual’s right of privacy, except publications or utterances in the course of or related to advertising, publishing, broadcasting or telecasting activities conducted by or on behalf of the Named Insured;
Reform relied on P.C.S. Investments Ltd. v. Dominion of Canada General Insurance Co. The policy at issue in this case also excluded coverage for “advertising, publishing, broadcasting or telecasting”. The insured had been sued for allegedly mailing a defamatory letter to 130 members of the insurance industry. The Court concluded this distribution was not a widespread or public distribution to a broad audience, and was therefore not “publication” excluded by the policy. Similarly, there were only 173 hits to the Senate Scandals Page in a period of 12 weeks. Further, unlike the P.C.S. case, Reform did not actively distribute material in the mail. The Senate Scandals Page was only accessible to those who became aware of the site and were interested enough to browse.
Western Union focussed on the exploding use of the world wide web, with millions of users accessing the internet daily. The Court relied on dictionary definitions of “publish” and “broadcast” as well as the wording of the Statement of Defence in the underlying action to conclude that the posting of material over the website constituted, or was related to, “publishing” or “broadcasting” activity. The allegations in the underlying action therefore fell outside the coverage for personal injury.
The Court of Appeal agreed:
…I agree that the posting of comments on a page of the world wide web in the circumstances of this case was part of a publishing activity carried on by the appellant in May and June 1998. Although only 173 hits were recorded during the relevant period, the page is posted on the world wide web for any member of the public to locate and read. The page was an integral part of a communication project designed to inform the public generally by way of the Internet about the appellant and its policies. The dissemination of an idea is at the core of publishing activities as The New Shorter Oxford English Dictionary … indicates by its definitions.
“Advertising Injury” was defined to mean injury occurring in the course of the Insured’s advertising activities, if such injury arises out of libel, slander or defamation. The policy excluded coverage for advertising injury to “any Insured in the business of advertising, broadcasting, publishing or telecasting”.
Reform argued that as a federal political party, operated to achieve stated political objectives, it was not in the business of advertising, broadcasting, publishing or telecasting. The chambers judge concluded that even given a broad meaning, it would be difficult to conclude that the act complained of in the underlying action encompassed “advertising”, given its usual or plain meaning:
“Advertising” generally refers to a seller promoting its goods, services or products. This meaning of “advertising” is supported by other provisions in the Policy. Exclusion clause IV(s)(7) relating to “advertising injury”, refers to “goods, products, or services sold, offered for sale or advertised”. Similarly, “comparative advertising” is defined in the policy to mean “the comparing of related or similar products or services in which the advertising material refers to one or more competitors either by name or implication”.
The Court concluded that the website postings were not intended to promote Reform’s goods, products or but was more in the nature of publishing or broadcasting a political message and public policy positions on senate reform. The page complained of could not clearly be said to be advertising. The primary purpose of the website was to communicate a political message. The claim therefore did not fall within coverage for “advertising injury”.
This part of the decision was reversed on appeal. In the course of her reasoning Huddart, J.A. encountered “the difficulty in finding one ordinary meaning for the word ‘advertising’ and the broad use to which the word is put in ordinary parlance”. In concluding that the claim advanced by the aggrieved senator could possibly fall within coverage, the Court reasoned that the senate scandals page “reinforced the positive comments about an elected Senate policy contained on another page of its website by denigrating those who benefit from the existing policy”.
A CGL will cover an insured’s liability for “Property damage”. However, the line between property damage and claims for pure economic loss is not always clear. In Privest Properties Ltd. v. Foundation Co. of Canada Ltd., the Defendant, Foundation, sought declaratory orders of the Court, compelling one or more of its insurers to pay the legal costs incurred defending the Plaintiffs’ action. The insurers collectively resisted the application on the basis that the action fell outside of coverage. Foundation had been contracted by the Plaintiffs to conduct renovations on a building in Vancouver. As part of the renovations, a spray fireproofing material known as Monokote 3 was applied to parts of the building, a substance which contained asbestos. Counsel for the respective parties referred the trial judge to some 250 authorities. None of the Canadian authorities, in the Court’s view, supported the conclusion that the application of asbestos to the building constituted “damage to tangible property”. There was, of course, judicial support for that conclusion in American jurisprudence.
So far as Canadian law is concerned, it seems clear that unless there has actually been personal injury or damage to other property, the cost of repairing or replacing defective work is considered to be pure economic loss rather than damage to property.
In conclusion, the Court opined that none of the allegations made against Foundation could be construed as allegations of physical injury or damage to or loss of use of tangible property. No duty to defend therefore flowed.
In Bird Construction Co. v. Allstate Insurance Co. of Canada, [1996] M.J. No. 363, the Manitoba Court of Appeal reached a similar result. The insurer appealed an order declaring it bound under a general liability policy to defend a claim against the policyholder. The applicant was a building contractor. It was alleged in the underlying action that a building constructed by Bird was built in an inherently dangerous condition. In 1989, a substantial section of the building’s exterior cladding fell to the ground from the ninth floor. As a result of the inspection that followed, the condominium corporation had the entire cladding removed and replaced at a cost of $1 million. The cost of that correction was claimed from Bird. In the underlying action, it was not alleged that the building’s condition caused bodily injury or damage to the building itself. In the Insurer’s eyes, the claim was therefore for pure economic loss.
The Court at first instance granted a declaration obliging the liability insurer to defend the claim. Allstate appealed that ruling.
The insuring agreement provided:
Allstate will pay on behalf of the Insured all sums … which the Insured shall become legally obligated to pay as compensatory damages because of
…
Property damage
caused by an occurrence.
“Property damage” means (1) physical injury or destruction of tangible property which occurs during the policy period, including loss of use thereof at any time resulting therefore, or, (2) loss of use of tangible property which has not been physically injured or destroyed provided such loss of use is caused by an occurrence during the policy period.
The Court of Appeal allowed the appeal, concluding that the claim was obviously not one for damages because of bodily injury; none was in fact alleged. Nor did the Court conclude that it was one for damages because of property damage, as defined by the policy. The Court observed that the losses claimed in the underlying action fell clearly under the category of economic loss. Loss of use was the only economic loss covered by the policy. No claim for loss of use was advanced against the policy holder. No defence was therefore owed and the appeal was allowed.
The requirement of physical damage may be satisfied when a defective product is incorporated into a larger final product, even when the incorporation does not result in the destruction of the final product. In Eljer Manufacturing Co. v. Liberty Mutual Insurance Co., the Court was faced with deciding whether coverage was available for a third party claim concerning a defective plumbing system. The plumbing system had not yet leaked and therefore, argued the insurer, there was no ”physical injury” to trigger coverage. The Court found that the plumbing was a ticking time bomb and, as such, presented a physical injury. Similarly, in Alie v. Bertrand & Frere Construction Co., [2000] O.J. No. 1360 (S.C.), the Plaintiffs were the owners of homes whose concrete foundations deteriorated shortly after the homes were built. The concrete for all of the homes was supplied by the Defendant Bertrand. The Defendant Lafarge supplied the cement powder and fly ash used in the batching of the concrete. The foundations built from the concrete presented major structural deficiencies. The only viable solution for the Plaintiffs was to replace their foundations and an action was commenced for recovery of that expense. The Defendants in turn sued their insurers for coverage.
Twenty-three insurers had each issued CGL policies to one of the two Defendants. The challenge for the Court was “to interpret these insurance contracts using the guidance of the jurisprudence to arrive at a common sense result”.
Bertrand sought indemnity for all damages awarded to the Plaintiffs, except for the actual costs of the concrete used to replace the deteriorating foundations. The issue as to the duty to defend had been resolved between the parties.
All of the policies had “occurrence” based coverage. The insurers undertook to pay on behalf of the insureds all sums which the insured became legally obligated to pay for damages as a result of an occurrence. The insuring agreements were intended to respond to any injury to or destruction of real or tangible personal property.
The Court concluded that the cause of the loss was the insertion of Fly Ash in the concrete mix, resulting in a deleterious chemical reaction. The insurers argued that replacement of the defective foundations was not covered because all of the damage and costs incurred were to replace the faulty concrete. The policies did not cover the insured’s own work product or workmanship. The insurers argued that the costs of replacing the concrete amounted to pure economic loss.
Bertrand took the position that the defective liquid concrete was made into residential foundations by the owners or the contractors; the concrete was incorporated into several foundations. The foundations were then more than Bertrand’s contribution and involved the placing and shaping of the concrete, along with forms containing tie rods, reinforcing steel and anchor bolts.
Whether or not there is coverage will depend on the facts of each case. Clearly if the defective product becomes part of the whole of a third parties product, or is incorporated in a third parties product and can’t be removed or repaired without either rendering the third parties product useless or damaging it, the Courts have concluded that that is property damage and coverage will follow.
In following the sequence of events here, insertion of Lefarge’s faulty FA into Bertrand’s concrete would result in property damage suffered by a third party, that is Bertrand. Obviously, the problem cannot be resolved by attempting to remove the FA from Bertrand’s concrete. I would have no difficulty, therefore, in concluding that there had been property damage resulting in coverage.
…
This situation is much different than the cases cited dealing either with insulation containing asbestos or the exterior cladding of the building. The structural integrity of the buildings in those cases was never threatened. In this case, the faulty concrete became incorporated in the foundation and the faulty foundation was incorporated into the home and the very structural integrity of these houses is threatened. If the foundations are not replaced they will collapse. This is not the case with faulty exterior cladding.
The Court therefore had no difficulty in concluding that property damage as defined in the policies included most of the property damage claimed by the plaintiffs and Bertrand had already conceded that it could not be compensated for replacing the defective concrete.
The implications of cases such as these for the insurer concerned with e-commerce exposures is obvious. Hacker attacks and computer viruses are all perils waiting in the wings. The Y2K threat, now passed, similarly presented insurers and insureds alike with unmanifested perils. Computer programs continue to be developed and installed into computers around the world. Inevitably, some of those programs will contain ‘bugs’ that can be discovered before they manifest and result in actual damage. The Insured who quickly moves to replace or rectify such a looming peril will invariably seek coverage.
However, not all Courts have agreed with this approach. In the American case of Seagate Technology, Inc. v. St. Paul Fire & Marine Insurance Company, the Court considered the integration of a defective product in the context of computer technology. Seagate’s disc drives were integrated into the computers of another business. Hard drive failure resulted in those computers and data was subsequently lost. Seagate was sued by the damaged party, which alleged that the installed drives were defective.
The Court held that the integration of defective disc drives did not amount to ‘physical damage’ to the computers. The Court relied on previous decisions which held that the integration of a defective product does not constitute property damage unless the integrated product is inherently dangerous. Because computer drives are not inherently dangerous, no physical injury occurred. As a matter of risk assessment, the integration of a defective product may be a commercial risk not passed on to the insurer.
V. E&O POLICIES
These policies provide coverage for damages resulting from the negligence, omissions, errors and mistakes made by professionals in the course of providing their services. As technology grows, so do the number of professionals involved in meeting the needs of consumers. Mistakes are easily made in a new and emerging field such as this. A typical insuring agreement is as follows:
To pay on behalf of the Insured all sums subject to the policy limit that said Insured shall become legally obligated to pay as damages arising out of ANY CLAIM OR CLAIMS FIRST MADE AGAINST AN INSURED DURING THE POLICY PERIOD for professional services by reason of any act, error or omission wherever or whenever committed or alleged to have been committed in connection with or incidental to the Insured’s [professional] activities…
The realization of e-commerce risks implicates a number of different E&O policies. Liability insurers for software and hardware designers, electronic data processors and computer consultants, are at risk. Custom built systems in specialty markets – like manufacturing – will suffer significantly from ‘glitches’ or ‘bugs’ in their systems. Service providers combine the skills of media experts with technology to provide access, gathering places, bulletin boards and content for the world wide web. Even insurance agents, brokers and underwriters are not immune from the risks created by e-commerce. The failure to sell the right policy can result in litigation.
The scope of coverage recommended or obtained is easily ‘misdiagnosed’ when the risks are new and perhaps not yet fully appreciated. Accountants and auditors face difficult questions of how to account for start-up costs and income streams emanating from ‘on-line’ businesses without the benefit of historical experience to guide them. Lawyers face an increased risk in advising clients with the application of legal principles learned prior to the advent of the computer age. Corporate directors and officers risk mismanaging e-related risks and concomitant shareholder wrath. Off the shelf computer programs are arguably a ‘good’ under the Sale of Goods Act, and thereby may attract liability. Technology professionals providing consulting or maintenance services, coupled with tangible “goods” could face actions framed by this statute.
Insurance policies are meant to cover loss arising from risks, not from certainties. A technology professional could fail to disclose known risks of a product to an insurance agent. Given that some products are released to customers in full knowledge of some defect or ‘bug’, the failure to disclose this information could result in a denial of coverage on the basis of material non-disclosure. E&O policies are designed to cover failure resulting from the provision of professional services, not from a liability arising outside of the provision of professional services.
Insurers have sometimes faced tort liability beyond coverage limits for failing to uncover flaws in an insured’s products during an underwriting audit. This highlights the need to heavily investigate an insured’s operations and understand the risks to be assumed. The decision to audit can create a tort exposure for failing to advise and uncover a hidden defect, despite having conducted the audit solely for underwriting purposes.
E&O policies tend to exclude the “physical injury” form of property damage and instead only cover certain loss of use or “economic loss”. This distinction is not clear in the world of e-commerce. Custom software that fails may harm the immediate business it was intended to serve but also may cause harm to the computer system and networks by corrupting the media on which the program resides. This physical harm is arguably excluded from coverage under an E&O policy.
Traditional E&O policies and their modern counterparts both cover losses arising from a “negligent act, error or omission”; a failure to discharge the appropriate standard of care would be covered. Circumstances will emerge where the highest standard of care was met, but an insured realizes a loss regardless. If that loss resulted from an error or omission, for example, failing to satisfy the terms of a contract, a coverage dispute may ensue. That is, if the word “negligent” only modifies “act”, non-negligent errors or omission may ground coverage.
Failures arising from goods or warranties bundled with professional services are questionably covered. The “Electronic Errors and Omissions” policy answers this issue by using the failure of a computer product itself as a trigger of coverage. One technology policy covers:
Damages the insured becomes legally obligated to pay for any claim arising out of a negligent act, error or omissions to which this insurance applies, by or on behalf of the insured resulting in the failure of your electronic products to perform the function or serve the purpose intended after installation or testing.
Electronic Products includes:
Electronic goods, products or services manufactured, sold, handled, distributed or disposed of by the Insured or those trading under the Insured’s name.
This definition encompasses warranties and representations as to fitness, quality and performance.
The benefit of this wording is clear. Insurers can charge premium for a clearly defined risk instead of having Courts expand the terms of coverage without the benefit of premium.
A difficult question arises when a professional is sued for technology related losses. These policies only cover for losses arising out of activities conducted in a professional’s capacity as such. For example, a lawyer’s failure to properly advise a client on an e-commerce related matter may be held to be conduct falling outside the scope of work conducted by a professional lawyer and, as such falling outside of coverage.
Technology E&O policies exclude expected or intended injury; this is the doctrine of fortuity discussed above. Coverage disputes were expected to arise out of Y2K liability, as policies did not contain a specific exclusion. The lack of an explicit exclusion for such a well known risk prompted many insurers to unilaterally determine that their existing policies did not cover for Y2K. There is no insurance for risks known to the insured when the policy is purchased or if a loss has already been suffered. However, as previously discussed, an insurer will face a high hurdle to successfully maintain a defense based on the doctrine of fortuity.
Issues can also arise in the context of a claims made policy. A design flaw that grows to be noticeable only as more users are affected may be difficult to detect early on. A failure to advise the carrier early on in the process could jeopardize coverage, given the claims made language of E&O policies. Anticipatory notice was suggested by some counsel in the context of Y2K but such notice should have no meaning or effect in the absence of an actual claim.
Most E&O policies have nationwide coverage. The international character of e-commerce will generate new coverage disputes for international losses. Software may be created in Canada but the failure could occur anywhere around the world. The question will arise as to whether the claim falls within the coverage territory provided by the terms of the policy.
VI. D&O POLICIES
D&O policies cover for the defense and indemnification costs of directors and officers sued in connection with the performance of their duties. An example of an insuring agreement is as follows:
A. The Insurer shall pay on behalf of all Insured Persons all Loss which the Insured Persons shall be legally obligated to pay as a result of a Claim first made against the Insured Persons during the Policy Period or the Discovery Period for a Wrongful Act, except for any Loss which the Company actually pays as indemnification.
B. The Insurer shall pay on behalf of the Company all Loss which the Insured Persons shall be legally obligated to pay as a result of a Claim first made against the Insured Persons during the Policy Period or the Discovery Period for a Wrongful Act, but only to the extent the Company is required or permitted by law to indemnify the Insured Persons.
Directors are responsible for managing the business and affairs of a corporation. In practical terms, directors supervise the management of the corporation and delegate to appointed officers the power to manage the business and affairs of the corporation. With the exception of closely held corporations, officers will provide hands on management while the directors offer a more supervisory role.
In exercising this role, directors and officers occupy a fiduciary role and owe this duty to the corporation itself. A breach of this duty may create liability in damages to the corporation itself.
Claims arising from e-commerce related perils fall roughly into two categories: those arising from mismanagement (for example, a failure to take steps to ensure a company is adequately protected against viruses or hacker attacks); or from the inadequate disclosure of a company’s ability to deal with anticipated problems (for example, the failure to disclose that a company’s on-line business has taken no measures to ensure detect or prevent infiltration by a virus; or prior to Y2K, the failure to disclose a corporation’s lack of readiness to deal with problems then anticipated).
With respect to mismanagement claims, directors and officers will likely be targeted for failing to provide adequate protection against known e-commerce perils; failing to assess the impact of inadequate protection on the corporation’s systems or operations; failing to take appropriate or timely remedial efforts once an e-commerce peril manifests; and failing to take necessary or effective steps to pursue recovery from those whose hardware, software or data causes damages and loss to the corporation.
Misrepresentation claims arise when a director or officer is alleged to have offered untrue, misleading, inaccurate or incomplete advice or information. Provincial Securities Acts require directors and officers to make full, true and plain disclosure of matters which are material to the corporation’s affairs. Material facts relating to the securities proposed to be offered must be disclosed in a prospectus.
A material fact is one which “significantly affects, or would reasonably be expected to have a significant effect on the market value or price of such security”. A prospectus containing a misrepresentation creates a right of action in a purchaser of security for damages against the issuer of the security, every director and every person who signed the prospectus. Thus directors and officers or companies issuing a prospectus face exposure in the event a prospectus misrepresents material facts relating to a company’s e-commerce health.
An example of a non-disclosure claim is the action underlying the insurance disputes in Continental Insurance Co. v. Dia Met Minerals Ltd. Equity Investments Corp. commenced an action against Dia Met and two related companies who had sold a large number of Dia Met shares to one of the related companies. Equity alleged, inter alia, that the directors of Dia Met had breached a fiduciary or equitable duty to disclose any information known to them and which might affect the value of shares. As a result, Equity claimed it had suffered loss and damages by agreeing to sell its shares for a price much lower than it would have accepted had the defendants not committed the various breaches.
Mismanagement claims likely to be advanced against directors and officers include derivative actions commenced by shareholders seeking to recover financial losses sustained by the corporation, claims from business or joint venture partners whose businesses are affected by a company’s vulnerability to e-commerce perils and customers, suppliers or vendors who sustain a loss by reason of a shut down or slow down attributable to e-commerce perils.
Non- or mis-disclosure claims are likely to be advanced by shareholders who sustain a drop in share value of the company, lenders who have lent based on representations, warranties or statements of the directors and officers, other companies merging or acquiring companies based in part on the representations made by directors and officers concerning e-commerce related peril prevention, other customers, suppliers or vendors alleging that their participation in a particular business transaction was premised on certain representations, and claims made by regulators alleging a failure to make proper disclosure as required by statute. In Dixon v. Deacon Morgan McEwen Easson, the investor Plaintiff lost a considerable amount of money when the shares of National Business Systems Inc. fell. Dixon alleged the fall was due to the actions of the Directors, among others. One of the impugned Directors, Goldberg, sought summary dismissal of the action as against him. The actions of Mr. Goldberg amounted to mere nonfeasance; he did not attend meetings relating to the affairs of National nor did he attend meetings of the audit committee. He had no idea what was happening in the company:
He allowed his name to be used by National for any benefits that might give to the company. At the same time, he enjoyed the prestige that he felt went along with being a director, a member of the audit committee and a member of the executive Committee of National.
…
There is no claim of fraud against Mr. Goldberg.
The Court dismissed the application for summary determination and, in doing so, adopted this summary of Canadian law:
There is a dearth of case law on the issue of duty of care, and accordingly, it is difficult to say precisely to what depths one must sink in order to be liable in negligence. Conduct unbecoming a director would seem to include deliberately ignoring the affairs of the corporation, and also transfer of control to persons whom one knows to be dishonest or irresponsible. Lesser sins are likely to be forgiven on the basis of the ‘business judgment’ rule provided that the individual responsible can plausibly claim to have acted in good faith. …
These policies are designed to cover mistakes in judgment and negligence. Coverage should be available under a D&O policy where a “loss” results from the “wrongful act” of a Director or an Officer, acting in the course of their duties. These policies generally provide two-part coverage. The first insures officers and directors in their official capacities. The second insures the corporation for amounts it becomes obligated to pay to indemnify the officers and directors. Policies are generally triggered by claims made that arise out of acts taking place subsequent to a retroactive date.
Contractual definitions of “Wrongful Act” would appear to include both claims against directors and officers for mismanagement and inadequate disclosure. In most policies, the term is not restricted to acts or omissions occurring during the policy period. These policies are invariably written on a claims made basis. Wrongful acts can then be covered even if they occurred at any time prior to or during the policy period, subject to any limitation contractually imposed by a retroactive date. In the normal course, D&O coverage does not afford coverage to the corporation itself for its own liability. In some cases, entity coverage is available for securities or employment practices claims.
The construction of a D&O policy is to afford a broad coverage grant which is narrowed by a series of exclusions. Therefore, not all claims which may be levelled at a Director or Officer will be covered. These policies typically exclude claims for bodily injury, sickness, disease or death, or for damage or destruction of any tangible property, including loss of use. In the context of e-commerce related perils, this exclusion would serve to exclude coverage for repetitive stress disorder claims or claims arising from viral damages to a customer’s computer system.
In addition to these exclusions, other arguments against coverage may arise. An insurer may argue that a loss was not fortuitous or that a peril was realized as a direct result of intentional conduct (for example, deliberately ignoring the realities of e-commerce perils).
D&O policies typically contain an exclusion similar to that found in property or CGL policies which exclude coverage for intentional or criminal acts and for damage to property. An example of these exclusions follow:
The Insurer shall not be liable to make any payment for Loss in connection with a Claim made against an Insured:
…
(x) arising our of, based upon or attributable to the committing in fact of any criminal or deliberate fraudulent act;
…
(x) for bodily injury, sickness, disease, death or emotional distress of any person, or damage to or destruction of any tangible property, including the loss of use thereof, or for injury from libel or slander or defamation or disparagement, or for injury from a violation of a person’s right of privacy;
The result of the property damage exclusion is that only claims for pure economic loss would find coverage. Canadian Courts have accepted that the term “Wrongful Act” includes intentional acts. This flows logically from the directors’ and officers’ obligation, on a day to day basis, to make decisions in managing the affairs of the corporation. The process of active decision making is obviously intentional. However, Canadian case law has not been consistent in interpreting the scope of what constitutes an intentional act. Absent clear evidence that an insured consciously decided not to address e-commerce related perils, with the knowledge that the decision would likely result in a particular type of loss, it is unlikely a D&O insurer will succeed in denying coverage based on intentional conduct.
E-commerce related exclusions will be construed narrowly by the Courts. While it is the intention of the Courts to give effect to the intention of the contracting parties and not to rewrite the policy through judicial interpretation, it is well established that a contract of adhesion, like an insurance policy, will be construed so to resolve any ambiguity in favour of the insured. In general, grants of coverage will be liberally interpreted.
An insured is not covered for losses it was aware or should have been aware of prior to the inception of the policy. The coverage determination may turn on when the insured should have known about the exposure.
A non-disclosure of a potential liability – for example, the failure to implement a Y2K remediation program – may form the basis of a misrepresentation defense. D&O coverage is only available for negligent acts or omissions. If the D&O’s do nothing, this arguably rises to the level of knowing or fraudulent conduct and would not be covered. The D&O’s will argue that only an actual legal finding of intentional conduct could ground an off-coverage position.
VII. THE NEW BREED OF POLICY
A. LIABILITY POLICIES; GRANTS OF COVERAGE AND DEFINITIONAL TERMS
A number of insurers have already responded to emerging e-commerce perils by providing coverages tailored specifically to the reality of the role technology plays in the world of contemporary business. Some of these new policies afford simple and broadly worded coverage. Others afford a more complex set of coverages and defined terms. All of these new policies provide an insured with protection, however varied, from e-commerce related perils.
One of the simpler grants of coverage available is as follows:
The Company shall pay on behalf of each Insured all Loss on account of any claim
… arising out of the Insured’s Internet Activities …
Internet Activities are defined to mean:
(i) display or other use of Matter on an Internet Site
(ii) transmission of Matter via an Internet Site; or
(iii) dissemination of Matter by any other means of publication or communication [shown in … the Declarations].
Matter is defined to mean printed, verbal, numerical, audio or visual expression, or any other expression regardless of the medium upon which such expression is fixed.
The Internet Sites are as declared in the Declarations. Note that unless declared as a ‘means of publication or communication’, an insured’s e-mail system would not be covered under this policy. Therefore, claims arising from damage caused to a business partner who is adversely affected by an insured’s failure to properly protect its e-mail system from detecting and disseminating computer viruses would likely not amount to the transmission of ‘Matter’ via a [declared] Internet Site. Absent an express grant of coverage, a claim for business interruption is not afforded coverage under this policy, which appears to be aimed at disputes over intellectual property rights, actions in defamation and the protection of privacy interests.
Other policies offer coverage for ‘technology work’ and ‘technology products’. Here, the insurer agrees to:
pay amounts any protected person is legally required to pay as damages for covered loss that is caused by any error, omission or negligent act committed in connection with:
- your covered technology work; or
- your covered technology products
The policy’s Coverage Summary limits technology products and work to those described or excluded in the Summary.
Technology work means any computer-related work or service that you:
- are performing or providing, or others are performing or providing for you; or
- provided or perform, or others provided or performed for you.
Technology work includes:
- materials, parts and equipment furnished in connection with your technology work or service;
- any warranty provided with or for your technology work or service;
- any statement made or which should have been made about the fitness, quality, durability or performance of your technology work or service; and
- warnings, instructions or directions provided, or which should have been provided, or which should have been provided, with or for your technology work or service;
Technology products means computer-related goods or products that:
- you;
- others using your name; or
- others whose business or assets you have acquired; have manufactures, sold, handled, distributed or disposed of, including containers, materials, parts or equipment provided in connection with your technology products.
Technology products includes:
- any warranty provided with our for your technology products;
- any statement made or which should have been made about the fitness, quality, durability or performance of your technology products; and
- warnings, instructions or directions provided, or which should have been provided, with or for your technology products.
This policy combines the features of an E&O policy with a products liability policy. This has a certain utility given the problems associated with discerning the cause of an e-commerce related mishap. In the absence of simultaneous coverage for both products and services, arguments over whether the product or the service is the true cause are sure to be advanced. However, this problem can not be completely obviated. When the product and the service are provided by different sources, coverage disputes are sure to arise.
Significantly, the definition of Protected Persons includes a degree of coverage for an insured corporations’ directors, officers and shareholders:
Corporation or other Organization. If you are named in the introduction as a corporation or other organization, you are a protected person. Your executive officers and directors are protected persons only for the conduct of their duties as your officers or directors. Your stockholders are protected persons only for their liability as your stockholders.
Another policy has the features of both an E&O and CGL policy, while providing express coverage for intellectual property claims.
The Insurer pays for all Loss resulting from Claims for:
1. An Internet Matter Wrongful Act, or
2. an Internet Activities Wrongful Act, or
3. an Internet Technology Services Wrongful Act
“Matter” means printed, verbal, numerical, audio or visual expression, or any other expression, regardless of the medium upon which it is fixed.
Internet Matter Activities means the creation, display, transmission or other use of Matter through the Internet.
Internet Matter Wrongful Act means any of the following acts, errors or omissions actually or allegedly committed or attempted by the Insureds … in connection with Internet Matter Activities by or on behalf of the Insured Organization:
(a) libel, slander, oral or written publication of defamatory or disparaging material, or any other defamation;
(b) invasion or infringement of, or interference with, the right of privacy or publicity;
(c) infringement of copyright, service mark, service name, trademark, trade dress; trade name, title or slogan; or
(d) plagiarism, piracy, unauthorized use or misappropriation of confidential, proprietary or protected ideas or information under an implied contract, or improper use of literary or artistic titles, formats or performances.
Internet Activities includes a number of services:
1. Designing, constructing or maintaining an internet site;
2. the integration of electronic or business processes with an Internet site;
3. providing an end-user or customer access to the Internet through a browser which enables the customer or end-user to send and receive electronic information;
4. providing access to or dissemination of material, goods or services through the Internet;
5. providing internet search/navigational tools or internet site building tool and/or technology;
6. providing an end user or customer with a unique internet address that can function as the beginning and end point of electronic information transfers;
7. providing electronic mail services;
8. maintenance of Internet chat room(s) or bulletin board(s);
9. acquiring, researching, gathering, recording, collecting or preparing of material by means of the foregoing services; or
10. any other computer or electronic information technology services specified by written endorsement attached to this policy.
Internet Technology Service means providing any of the following in connection with the Insured Organization’s Internet Activities:
1. any computer or electronic information technology services performed by the insured organization for others for a fee, including consulting, systems analysis, systems programming, data processing, system integration, development, design, management, repair or maintenance of computer products, networks or systems; or
2. any computer hardware, software or related electronic product, equipment or device that is created, manufactured, developed, distributed, licensed, leased or sold by the insured organization to others for a fee, including training in the use of such computer hardware, software or related technology products.
An Internet Technology Service Wrongful Act are those acts, errors or omissions actually or allegedly committed or attempted by the Insureds in connection with an Internet Technology Service.
Yet another policy wording provides coverage for business income loss resulting from an interruption of service caused by a defined loss event. A loss event is defined as:
1. any unauthorized use of, or unauthorized access to, electronic data or software within your covered electronic business systems;
2. any malicious, subversive or unauthorized introduction or implantation of any computer code, program or data into, or attack upon, your covered electronic business systems causing the alteration, distortion, deletion, destruction, degradation, corruption, malfunction, compromise or loss of access to your covered electronic business system, in whole or in part;
3. computer theft;
4. extortion; or
5. any unintentional act, mistake, error or omission made by your authorized personnel, in the course of their duties, in connection with the creation, development, modification or implementation of any set of related instructions to direct the operations and functions of your covered electronic business systems. …
Further, business income loss resulting from an interruption of service to a Dependant Business – a business now owned, operated or controlled by the insured, but relied upon to perform e-business functions – is similarly covered, with the exception of item 5, above.
A separate grant of coverage is available for Loss Event Liability, which insures claims advanced as a result of one or more of the loss events, defined above.
Coverage is further afforded for Intellectual Property Development Costs which are incurred as a result of loss of or damage to intellectual property resulting from 1) the unauthorized use of or access to electronic data or software or 2) any unauthorized introduction of any computer code causing the alteration, corruption or destruction of access to a business electronic system.
Public Relations Expenses are insured when incurred as a result of negative publicity caused by a loss event. Losses associated with negative publicity are themselves not insured.
Some policies include complex grants of coverage, covering discrete but perhaps overlapping areas of e-commerce.
B. TECHNOLOGY LIABILITY
The insurer pays those amounts an insured becomes legally obligated to pay for wrongful acts:
1. [in the insured’s] performance of technology services; or
2. [resulting] in the failure of [the insured’s] technology products to perform the function or serve the purpose intended.
Technology Services means any computer or electronic information technology services performed by [an insured] for others, including system analysis, systems programming, data processing, system integration, outsourcing development and design and the management, repair and maintenance of computer products, networks and systems.
Technology Products means any computer hardware, software or related electronic product, equipment or device that is created, manufactured, developed distributed, licensed, leased or sold by [an insured] to others, including training in the use of such computer hardware, software or related technology products.
C. INTERNET MEDIA LIABILITY
An Insurer pays for claims resulting from:
any claims(s) made against [an insured] for wrongful acts in connection with internet media in the conduct of [an insured’s] business.
Internet Media means advertising, webcasting, electronic publishing, transmission, republication, retransmission utterance, dissemination, distribution, serialization, creation, production, origination, exhibition, displaying, researching or preparation of material in connection with [an insured’s] internet service.
D. INTERNET SERVICES LIABILITY
We shall pay on your behalf those amounts, in excess of the applicable retention, you are legally obligated to pay as damages resulting from any claim(s) …, for your wrongful act(s) in rendering or failing to render Internet services and otherwise covered professional services in connection with the Internet for others. Such wrongful act(s) must … not result in a specified event.
E. SPECIFIED EVENTS
An insurer pays damages resulting from any claim(s) for an insured’s:
Wrongful act in rendering or failing to render Internet services or otherwise covered professional services for others, but only if such wrongful act … results in a specified event.
Specified event means the actual or alleged incident of any of the following:
1. Transmission of malicious code (an unauthorized corrupting or harmful piece of code, including, but not limited to, “Trojan Horses”, “worms” and “time or logic bombs”;
2. Unauthorized access (the gaining of access to a computer, computer system, or computer network by an unauthorized person or persons or an authorized person in an unauthorized manner);
3. Unauthorized use (the use of a computer, computer system or computer network by an unauthorized person or persons or an authorized person in an unauthorized manner; or
4. Loss of Service (the inability of a third party, who is authorized to do so, to gain access to your professional services through the internet).
The coverages afforded by this policy combines the features of E&O and products liability policies in the first grant of coverage with coverage for intellectual property claims, actions in defamation and protection of privacy rights in the second grant of coverage. The third grant of coverage expands the E&O insurance available by including a technology professional’s provision of internet services, a service different than, although perhaps connected with, the technology services work coverage. Significantly, this policy provides a technology professional with coverage for the dissemination of a virus, a third party’s loss of use of internet related professional services and for liability arising from the unauthorized access and use of a computer.
F. EXCLUSIONS FROM COVERAGE
1. Property Damage
Many exclusions from coverage are common to all of these new policies. Typically, these new policies will not cover bodily injury or property damage; pollution; fraud; anti-trust; breach of contract; employment practices; patent infringement; governmental actions; prior claims and prior and pending litigation.
Given the discussion above, the definition of Property Damage deserves further attention. Five different exclusions for Property damage follow:
i. Property damage means (1) Physical injury to tangible property, including all resulting loss of use of that property, or (2) loss of use of tangible property that has not been physically injured. For purposes of this definition, the term ‘tangible property’ does not include covered electronic business systems, although it does include hardware or other equipment or property in, on or through which your electronic data and/or software are collected, transmitted, processed, stored or received.
Covered Electronic Business Systems means electronic data and software, provided that the implementation, update and maintenance thereof are under your direct control or, if applicable, under the direct control of a Service Provider listed in the schedule of the Service Provider endorsement attached to this policy.
ii. The Insurer shall not be liable to make any payment for Loss in connection with any claim against an Insured …
for bodily injury, sickness, disease or death, or for damage to or destruction of any tangible property, including loss of use thereof;
iii. We will not cover loss resulting from injury or damage.
Damage means Property damage.
Property Damage means physical damage to tangible property of others, including all loss of use of that property; or loss of use of tangible property of others that is not physically damaged.
Tangible Property does not include data.
iv. The Company shall not be liable for Loss on Account of any claim made against any Insured:
(a) for or arising out of bodily injury, sickness, disease or death of any person, or damage to or destruction of any tangible property, including loss of use thereof;
v. We shall not cover claims:
…
for bodily injury or property damage;
Property damage means (1) physical injury to, loss or destruction of, tangible property including the resulting loss of use thereof; (2) loss of use of tangible property which has not been physically injured, or destroyed; or (3) injury or harm to tangible property owned by you.
All of these policies exclude coverage for damage to tangible property. As the discussion above illustrates, American Courts have held that damaged or corrupted software, hardware or data are tangible property. Whether Canadian Courts will follow suit has yet to be seen. Further, given that these definitions are contained in exclusions from coverage, which will be narrowly interpreted by the Courts, it is not unexpected that a Court may conclude that damage to (arguably) intangible property, such as data, will be afforded coverage. Significantly, definition (iii) expressly excludes data from the property damage exclusion. Definition (i) excludes both data and software under certain conditions but would include damage to hardware, such as a computer’s hard drive. Moreover, definitions (i) and (v) define Property Damage as “physical injury”, a term with a wider meaning than “physical damage”. Arguably, these exclusions will serve to provide more relief to the insurer than will their more restrictive counterpart.
2. Intellectual Property
All of these policies exclude patent infringement from coverage. An insurer typically will not cover Loss:
arising out of any actual or alleged infringement, contribution to infringement, or inducement of any infringement of any patent.
However, the coverage afforded to intellectual property disputes varies and often excludes more than patent disputes from coverage. Another insurer has exempted from coverage any intellectual property related dispute:
We will not cover loss that results from any actual or alleged infringement or violation of any: copyright; patent; trade dress; trade name; trade secret; trademark or intellectual property right or law.
This is a significant exclusion from coverage given the multiplicity of intellectual property related disputes that can arise in the world of e-commerce. This exclusion is tempered by the availability of more expansive coverages which only exclude claims:
Based upon or arising from, or in nay way related to any actual or alleged infringement of patent or misappropriation of trade secrets;
Further, yet another insurer has anticipated disputes arising over profits generated from intellectual property between an insured and its employees or independent contractors by excluding from coverage claims:
by any writer, lyricist, artist or other person or organization under contract with an Insured, or such person’s or organization’s heirs or assigns, seeking against an Insured an accounting or recovery of profits, royalties, fees or other amounts alleged to be due, or any Claim by any such person or organization against an Insured alleging excessive or unwarranted fees, compensation, or other charges of any kind made against an Insured;
Currently, there exist in the marketplace insurers who endorse existing policies with coverage for some intellectual property claims, including Software Copyright Infringement:
the unauthorized Copying of Software by the Insured, within the territory of Canada, in violation of a third party’s enforceable and valid rights arising under the Copyright Law which results in a Software Copyright Claim or Software Copyright Injunction Claim against the Insured.
Software Copyright Claim means a demand for Damages, whether made together with, as part of, or in addition to, a Software Copyright Injunction Claim.
Software Copyright Injunction Claim means any request made by a third party in a Software Copyright Injunction Proceeding against an Insured that the Insured cease Copying Software claimed to be in violation of the valid and enforceable rights of that third party under the Copyright Law.
Software Copyright Injunction Proceeding means any action or proceeding against the Insured to cease Copying Software claimed to be in violation of a third party’s valid and enforceable rights arising under the Copyright Law.
Significant exclusions from this form of coverage include willful or intentional acts of copyright infringement and claims arising out of the violation of any right in non-copyright protected intellectual property, including patent, trademark, trade dress or trade secret.
3. Breach of Security Exclusions
Many of the exclusions employed in these policies recognize the problems inherent in the security of new technologies.
We will not cover loss that results from any failure of your technology work or your technology products to prevent unauthorized access to or use of any computer, software, network or electronic information system.
Similarly, there can be an exclusion for work an insured does for others with respect to ensuring the security of electronic information:
based upon, arising from or in any way related to the Insured’s development, distribution, dissemination, installation, implementation, operation, maintenance for others and/or the insured’s recommendation of encryption, authentication, certification, validation, and or filtering software, or of policies, equipment or procedures for establishing or managing a secure method for exchanging electronic equipment for others;
Some forms of technology are recognized as inherently lacking in security and therefore deserving to be excluded from coverage:
Loss arising from the security failure of any wireless computer system.
Policy wordings often impose an obligation on an Insured to maintain a reasonable security system.
Loss based upon, arising from, or in any way related to the actual or alleged
…
… failure … to take reasonable steps to use, design, maintain or upgrade … security;
It is likely that litigation will result over the question of what constitutes a reasonable step to upgrade security. Given the speed with which technology becomes obsolete, insurers may attempt to argue that an insured must maintain the most up-to-date security protection or lose coverage.
4. Act of God
In addition to exclusions for loss resulting from strikes, war, rebellion, fire, earthquakes, lightning, floods and the like, some insurers have expanded the Act of God exclusion to include:
(iii) a mechanical breakdown, or (iv) an electrical, data transmission, telecommunications or satellite systems failure not caused [intentionally];
5. Computer Extortion Coverage
This same insurer is offering other interesting kinds of coverage. The vulnerability to e-commerce related perils is reflected in the emergence of “Computer Extortion Coverage”, which insures against loss of money, securities or other property surrendered by an Insured and extortion costs incurred by the Insured Organization as a result of Computer Extortion. This brand of insurance is a tacit recognition that there are those who would threaten (i) to commit ‘computer crime’; e.g. to steal electronic data; copy or destroy an Insured’s computer system, (ii) to introduce, implant or spread a computer virus, or (iii) to adversely affect the Insured Organization’s reputation or public standing through use of a computer or the internet, provided such threats involve a demand for money or property to terminate or prevent the threatened event.
Excluded from coverage are losses of trade secrets, confidential processing methods or other confidential or proprietary information of any kind; losses resulting from the unauthorized access and use of the Insured’s telephone system, unless used exclusively for Internet access; loss resulting from the security failure of any wireless computer system; loss arising from a failure to ‘
back-up’; failure to upgrade security; loss based on failures in project planning, including mistakes in determining capacity needs.
G. INTERNET CRIME COVERAGE
Internet Crime Coverage offers an insured coverage for financial loss resulting directly from a Computer Crime (i.e. the theft of electronic data or alteration, corruption or destruction of the Computer System). A computer system includes hardware, software, programs, electronic data, the media on which electronic data is recorded, the computer network or networking equipment and websites, servers, intranet, extranet or virtual private computer network.
The same exclusions apply as above.
H. COVERAGE TERRITORY
Coverage under this Policy shall extend to Internet Activities, occurring anywhere in the world but only with respect to claims made against the Insureds in the United States, its territories or possessions, or Canada.
This wording is contrasted with other policies which read:
This Policy applies to business income loss, investigation expenses, development costs, public relations expenses, loss events, electronic publishing wrongful acts, computer theft and extortion occurring anywhere in the world; and
This policy applies to Claims made, Wrongful Acts occurring, Loss sustained or Covered Events taking place anywhere in the World.
I. CLAIMS MADE AND REPORTED
Many of these policies operate on the basis of claims made and reported. The insurer’s liability typically results from:
1. wrongful acts committed on or after the retroactive date and before the Policy’s ending date;
2. claims first made or brought against an insured while the agreement is in effect; and
3. claims that are reported while the agreement is in effect.
Insurers will want to examine claims carefully to ensure that the wrongful act did not occur before the retroactive date.
Insurers are expected to pay particular attention to the “Each Wrongful Act Limit”, contained in some of these policies and exemplified as follows:
Subject to the Total Limit, the Each Wrongful Act Limit shown in the Coverage Summary is the most we will pay as damages and defense expenses for the combined total of all claims made or suits brought for covered loss resulting from any one wrongful act or series of related wrongful acts.
Series of related wrongful acts means two or more wrongful acts that have as a common connection, tie or link, any fact, circumstance, situation, incident, transaction or cause.
There is obvious benefit to the insurer to attempt to ‘tie’ two or more otherwise discrete acts together.
VIII. CONCLUSION
An insurer’s mandate in the new economy is clear. Traditional and familiar policies of insurance do not specifically speak to affording coverage for an e-commerce related peril. Those perils are nonetheless real and increasingly confronted by insureds in day to day business operations. When those perils manifest, off-coverage positions will inspire costly litigation. Those costs will continue to escalate if Courts succumb to the temptation to expand familiar scopes of coverage. The solution is to craft and market a new kind of policy aimed at new perils and thereby draw a new source of premium revenue, turning the changing economy to the insurer’s benefit.
