Neiman Marcus Data Breach Decision Portends Greater Risk for NW Companies, Need for Cyber Coverage

Earlier this week the Seventh Circuit Court of Appeals, in Illinois, issued a momentous decision for those of us who keep tabs on data breach litigation nationwide.  The decision in Remijas v. Neiman Marcus reinstated class action claims by thousands of shoppers who had their credit card data stolen.  Reversing a trend in the case law driven by a 2013 Supreme Court decision (the Clapper decision), the Seventh Circuit held in effect that even if some class members had not yet experienced a loss of money due to their personal information being stolen, they still had standing to pursue claims for compensation, including for the time and aggravation of having to obtain replacement credit cards, put in place credit monitoring, and take other steps to protect themselves.  It did not matter, said the court, that all of the consumers who had experienced fraudulent charges on their cards had been reimbursed by their banks, that Neiman Marcus had agreed to pay for credit monitoring, or that the consumers could not conclusively rule out that their credit card account information had been stolen in a different hack (e.g. Target).

This decision is only binding in the federal districts within the Seventh Circuit, but as Kevin LaCroix has pointed out in his blog, as a first-in-the-nation decision from an appellate court in this exact scenario, it is likely to be influential.  That is even more true for claims brought in the Northwest, for two reasons.

First, the Seventh Circuit cited extensively to a decision from the Northern District of California in the Adobe Systems data breach case, In re Adobe Sys., Inc. Privacy Litig., No. 13–CV–05226–LHK, 2014 WL 4379916 (N.D. Cal. Sept. 4, 2014).  (That decision is available here.)  The Adobe decision relied on pre-Clapper case law from the Ninth Circuit, and has already been cited twice this year to support a finding of standing in a data breach/data privacy class action, the first brought by Sony employees, and the second by users of the Google Wallet.  Those cases had already established the Ninth Circuit (and therefore the Northwest) as a favorable venue for data breach class actions.

Second, the Premera Blue Cross class action complaints involving the massive data breach at that company, and involving claims under Oregon and Washington law, have all been consolidated in the federal court in Oregon, and have been assigned to Judge Michael Simon.  Judge Simon, a former Perkins Coie partner, is inclined toward issuing cerebral and thoroughly-reasoned decisions that often have a pro-consumer bent.  I would not be surprised to see a lengthy decision from Judge Simon in the near future along the lines of the Seventh Circuit's decision, giving plaintiff's lawyers a road map for obtaining standing in data breach cases and how to properly bring claims under Oregon and Washington law.

What does any of this have to do with insurance?  Well, if you are a non-Northwest company with operations in the Northwest looking at cyber insurance, and trying to assess company-wide risk, you cannot rely on decisions from courts in your "home" jurisdiction that have made it hard for these types of claims to go forward.  If you are a Northwest business that handles a lot of consumer data, the risk of a class action in the event of a breach just went up a little but.  Even if the claims are absolutely meritless, they will get past the motion to dismiss stage, which means that defense costs will be considerable.  All of that should be fodder for your next conversation with your insurance and legal advisers about your company's cyber-coverage, and particularly defense cost coverage and limits.

Update: As reported by my colleague Brian Sniffen in our blog IP Law Trends, Neiman Marcus has now requested en banc review of this decision.  En banc review is rarely granted.

Certain cases reprinted from WestlawNext with permission of Thomson Reuters.  If you wish to check the currency of this case by using KeyCite on WestlawNext, then you may do so by visiting www.next.westlaw.com.

Premera Data-Breach Class Action Claims Illustrate Cyber Coverage Issues

The massive data breach at Washington health insurer Premera Blue Cross Blue Shield has spawned at last count fifteen class action lawsuits in Washington alone and least one suit in Oregon federal court.  The suits allege that over 11 million records were exposed in the hack, including not just personally identifiable information but also health treatment and medication histories.

Examining the allegations in these class action complaints, and the differences among them, is instructive for those of us advising clients on insuring against these kinds of risks, because this will not be the last time this kind of breach will occur.  This post will focus on only two of the many issues that these complaints raise.

I should emphasize that I know nothing about Premera's insurance situation, and that the discussion below is purely based on general observations. Also, the below comments should not be taken as commentary on the validity or any of the plaintiffs' claims (some of which -- like the "bailment" claim -- have been rejected in other class action suits).

Timing Issues & Known Loss.    One of the more striking things about the complaints against Premera is the contention that Premera knew that its systems were vulnerable, and  that it had been hacked, well before it disclosed the data breach to its customers.  Each of the complaints claim that the federal Officer of Personnel Management audited Premera's systems in early 2014 and that on April 18, 2014 Premera received a report from OPM that its systems were vulnerable to attack due to (among other things) failure to make updates to security software, and that the hackers infiltrated Premera's IT system almost immediately thereafter, in early May, 2014.   The complaints also allege that Premera knew that it had been hacked in January, 2015.  But Premera did not disclose the breach to customers until March, 2015.

This brings to mind common coverage defenses used by insurers who issue "claims made" policies, which most cyber coverage policies are: that the claim was known earlier than it was reported.  A claims-made policy provides liability coverage for claims made against the insured during the policy year, irrespective of when the incident happened.  That would mean that a complaint filed against Premera in April, 2015 would generally be covered by its policy in effect in April, 2015.  But what if Premera knew that it would very likely be sued before that policy period started, or before it even applied for the policy?  And what if it failed to disclose what it knew during the application process?  All of these are issues commonly raised by insurance carriers looking to get out of paying a loss.

Also, cyber coverage in particular is often tied not only to when a claim is made but also to when the "wrongful act" or "negligent act" that allowed the breach to happen took place.  Coverage is sometimes conditioned on the negligent act having occurred within a certain time span prior to the beginning date of the policy, referred to as the "retroactive date."  It is increasingly common to hear that a "hack" was accomplished months before the data breach was discovered.  If the hackers got in before the retroactive date, does that mean no coverage?

Claims Under State Data Breach Laws.   Most of the complaints contain a claim under Washington's "Data Disclosure Law," but not a direct claim under the Oregon analogue.  Why?  Because the Washington law expressly provides a private cause of action for damages if any Washington company fails to promptly notify consumers of a breach.  Oregon law ( http://www.oregonlaws.org/ors/646A.624) does not provide for a private cause of action.  The Washington statute, however, does not provide for any kind of minimal or statutory damages, and requires that the customer have been "injured" to maintain a suit.  That is both good for the defense of the claim (since the customers may have trouble establishing standing if their personal data has not actually been used, as discussed in this post), and good for coverage.  Cyber policies, like many similar kinds of policies, often provide coverage for "damages" but exclude coverage for "penalties and fines," leading to coverage disputes about whether statutory damages are in fact "damages."  Some states, like Arizona, provide civil penalties for violations of breach laws. And increasingly cyber policies are providing coverage for some kinds of regulatory fines or penalties, which is a good thing particularly given the recent news about large HIPAA fines.

In addition to the claim under the Washington statute, and in lieu of a direct claim under the Oregon statute, many of the complaints bring claims under the Washington and Oregon unfair trade practices or "consumer protection" statutes.   Potentially relevant to coverage are the claims under those statutes for treble damages.  Carriers routinely argue that the multiplied portions of awards are uninsurable punitive damages or are not covered as a penalty. 

There is no question that a large damages exposure will give an insurer incentive to take aggressive coverage positions. Data breach suits will be no exception. Savvy policyholder advisors will need to anticipate these defenses and plan accordingly.  So stay tuned for further reflections on the coverage issues that may arise from the Premera and similar suits.

Washington Policyholders, Check Your Cyber Policy as Data BreachNotification Law Moves Forward

Washington has moved a step closer to bringing its data-breach notification law in line with the laws of many states (including Oregon) that require notification in the majority of scenarios, closing what some viewed as loopholes in the law and mandating notification within 45 days, rather than the prior "as soon as possible" requirement.  (Oregon law still lacks a specific presumptive deadline).  In particular, the new Washington bill removes the exemption for lost or stolen data that is "encrypted," in recognition of the fact that "encryption" can fail if the technology used was old or if the encryption key was also stolen.  The Washington bill has passed the House and it set for hearings in the Senate later this week, and is expected to pass.

What does this mean from an insurance standpoint?  Cyber insurance policies typically provide "first-party" coverage for the costs of data breach notification, but often contain very low sub-limits on that coverage.  In a state like Washington with a weak data breach notification law a business could in theory get away with a low sub-limit because only in a rare set circumstances would broad-based notification be required.  That will no longer be the case and so those sub-limits, and any other restrictions placed on notification coverage, need to be re-examined.  And of course if your business lacks cyber coverage entirely, it is time to explore your options.  The most recent data on the cost of data breaches indicates that the cost of notification is the fourth-biggest category of impact from a data breach (after lost reputation; lost time/productivity; cost of new technology).  By comparison the cost of regulatory fines and lawsuits was tenth in the ranking of impacts on businesses experiencing a breach.   The conventional wisdom is that a business should expect to spend at least $188 per record  on notification and similar first-party response-related costs.  With the number of records routinely stored by businesses, particularly those in the online retail or cloud computing sector, it is easy to see why low sub-limits could be a huge problem if a breach occurs.  So check your policies, and call your insurance advisers, to get ahead of these changes in the law in Washington.

ps.  Speaking of Washington, not 48 hours after news broke this week of a major data breach at Premera in Washington a class action was filed. But the cause of action -- breach of contract -- may cause coverage problems. The liability portions of cyber policies often exclude breach of contract actions. One more reason to check those policies.

Update April 22: The bill has passed and is now awaiting signature by the Governor.

WA Fed Court: "Spin, Massage, Speculation and Sophistry" Do Not Create Duty to Defend

In Wargacki v. Western National Assurance Co. Judge Leighton of the Western District of Washington held that a homeowner's carrier had no duty to defend a civil suit where the insured shot his pregnant girlfriend, and then shot himself - despite the allegation in the complaint that the boyfriend acted "either negligently, intentionally or recklessly" and that the shooting was "at least negligent."

The court held that the allegation that the shooting was negligent and thus not barred by the intentional acts exclusion was not plausible, and characterized the girlfriend's estate's argument as "spin, massage, speculation or sophistry."  Although this decision appears rooted in common sense, it appears to be inconsistent with Washington law on the burden of proof in the duty-to-defend situation.  The court took the plaintiff to task for failing to allege any facts that would have supported the shooting being negligent, rather than intentional.  But that was not the plaintiff's burden.  Under Washington law, as under the law in most states, the duty to defend is based only on what is pled in the complaint.  If the complaint itself is compliant with court rules on factual pleading, it is simply not up to the judge in a coverage case to fault the plaintiff for not pleading more.  If the complaint could allow the presentation of evidence to support a covered loss (such as proof that the shooting was negligent), then there should be a duty to defend.

That is not to say that the decision was necessarily incorrect.  The plaintiff's complaint alleged not only negligence but also in the same claim the tort of outrage, which (according to the judge) requires intent.  If the decision had relied on that pleading, then the decision might be easier to reconcile with Washington law.  However, the decision only cites that fact as further evidence that there was no duty to defend.

This decision highlights the importance of careful analysis of coverage issues before embarking on any kind of litigation and when crafting an opening pleading, but also the importance of the burden of proof in coverage disputes.  It is not "sophistry" or "spin" to plead in the alternative where the facts are reasonably in dispute and as a result different legal theories may be implicated.  Forensic science and life experience teach us that our gut-level beliefs about such things as motive and causation are often incorrect.  Courts should recognize that and approach duty-to-defend questions accordingly.

Wash. Federal Court Broadly Applies "Ongoing Ops" Exclusions

In a decision from mid-summer, Judge Rice of the Eastern District of Washington – a relatively new judge in a jurisdiction without a lot of coverage decisions – broadly applied what are known as the “ongoing operations” or “business risks” exclusions, completely voiding the damaged party’s recovery, demonstrating the devastating impact that subtle coverage issues can have, and emphasizing that pro-insured Washington isn’t always so friendly to creative coverage arguments. 

In Western Heritage Ins. Co v. Cannon, a general contract failed to compact fill soils before laying the foundation on a large custom home, resulting in structural failure of the building – signs of which were observed during the construction – and the home eventually being condemned.  The contractor stipulated to  covenant judgment, and the homeowner and carrier filed cross-motions for summary judgment in the ensuing coverage suit. 

The insurance carrier argued among other things that coverage was barred by the “j(5)” and “j(6)” exclusions, which in simple terms exclude from coverage property damage to “that particular part” of the property on which the insured was working if the damage occurred during ongoing operations (as opposed to a latent defect that causes damage after the project is complete).  The homeowner argued that the “particular part” was the fill that the contract failed to compact, which the property damage was to the foundation, and other parts of the structure.

The court didn't buy the owners’ argument.  The court noted that Washington courts have broadly interpreted the j(5)/j(6) exclusions, and rejected a comparable Arizona case adopting a narrow interpretation in similar loose-fill situation.  Judge Rice held, in essence, that the general contractor was working on the fill, and the house, at the time of the property damage, making all of the project “that particular part.” 

In most situations like this one there would be some property damage after completion of the project, and the contractor would have purchased what is known as “Products-Completed Operations Hazard” coverage.  But here the contractor appears not to have purchased that coverage.  So the court held that the owners were completely out of luck.  This is an excellent object lesson that Washington law is not always favorable to the insured, and that any owner contemplating a stipulated judgment arrangement needs to evaluate the considerable risks that they may come up empty-handed.

Wash. Fed. Court Orders Trial on AIG Defense Rates

The long-running federal court litigation between Washington company Coinstar/Redbox and its insurer, AIG, took a turn last week, with good news and bad for the policyholder.  The backstory: Redbox has been sued in several different jurisdictions for collecting information about its customers that it was not permitted to collect; the allegations are, generally, that Redbox used the information for its own marketing purposes or sold it to others.  AIG agreed to defend Redbox under a reservation of rights in all of the actions, but brought this action seeking to be excused from further defending.  Redbox counterclaimed, alleging that AIG had taken too long to reimburse it for defense costs and was trying to impose unreasonable caps on the attorney rates it would pay.  (A few weeks ago we reported on a discovery ruling, allowing discovery of what rates AIG pays defense counsel in other cases, and in coverage cases).

Several months ago the court granted AIG summary judgment on defense of one of those lawsuits; last week, the trial court granted AIG summary judgment on whether AIG had to defend the two other pending lawsuits.  That's the bad news, but somewhat unsurprising given the court's prior ruling and the breadth of the statutory-violation exclusion at issue.  That said, there is some puzzling language in the order about how AIG didn't benefit from delaying payment of defense fees - a strange statement in light of the publicity recently about insurance companies profiting from "the spread."

The good news concerns the rate dispute.  AIG had contended that its insurance policies, which contain standard duty/right to defend language, gave it the absolute right to control the defense and, along with that, set whatever rates it chose.  The problem for AIG is that it had allowed its insured to choose defense counsel, and had not attempted to control the choice of defense counsel.  So the court held that AIG had effectively given up the right to control the defense.  Moreover, the court observed that the insurance contract said nothing about controlling the rates, or what rates it would pay.  The court held, however, that AIG only had to pay "reasonable" rates, and that there was a question of fact about whether the rates that Coinstar had paid its lawyers was reasonable.  So that dispute will remain for trial.  It would not be surprising for this case to settle before that happens, however, as AIG may seek to avoid having any of the information about what it pays defense counsel in other cases from becoming public.

(The exclusion that operated here is typical of the broader trend toward excluding privacy-related risks, including data breach and other "cyber" risks - and is one of the reasons that many companies are looking to add specialized "cyber insurance" to their risk-management programs.  More to come on that point in this blog.)

WA Fed. Court Broadens When Insurer May Go Beyond Complaint to Deny Defense

In Allstate v. A.R., a late-July decision from a federal court -- the Western District of Washington -- the court held that an insurer may rely on facts outside the "four corners" of the complaint to deny the duty to defend if the issue is whether the plaintiff is an "insured" under the policy and therefore subject to an "insured-versus-insured" type exclusion.  In the underlying case a minor sued her mother for negligently permitting her to be alone with her grandfather, who abused the minor.  The mother's homeowner's insurance policy with Allstate had an exclusion for claims brought by another "insured" and defined "insured" to include any relative who "resided" with the insured defendant.  The underlying complaint did not specify whether the minor lived with her mother, although in fact the minor apparently did live with her mother most of the time, but also lived sometimes with her father, and with her grandparents.  Allstate investigated where the minor resided, and came to the conclusion that the exclusion applied.



In the coverage case the minor protested that Allstate was not permitted to go outside the "four corners" of the complaint and that doing so was bad faith.  The court noted that in Woo v. Fireman's Fund the Washington Supreme Court had held that an insurer can investigate facts relating to whether a defendant is an insured and rely on those facts in its defense coverage determination.  The court then extended the Woo reasoning to coverage Allstate's investigation into the minor's living situation, reasoning that the question Allstate was trying to answer was whether the minor was an "insured," and held that the exclusion did apply, and that Allstate had not acted in bad faith.



The problem with the court's reasoning, of course, is that Woo did not concern a policy exclusion, and Washington courts have held that an exclusion may not be the basis for a denial of defense based on extrinsic evidence.  The court's characterization in this case of Allstate's investigation as involving "insured status" is facile - what Allstate was really investigating was an exclusion.  And the court's extension of Woo to this situation is not supported by Woo's reasoning, which has everything to do with helping defendants get coverage.  Because of this flaw this case may be the subject of an appeal, so stay tuned.

Washington Federal Court Orders Broad Discovery of AIG Defense Rates

A significant win for policyholders in a discovery dispute over internal carrier records.  AIG and Coinstar/Redbox have been locked in coverage litigation in the Western District of Washington for some time over AIG's obligation to defend Redbox in several class actions alleging that Redbox has violated privacy laws in its handling of consumer information.  Redbox lost a critical motion in February, when the court granted AIG summary judgment on the duty to defend some of those claims because of a broadly-worded statutory violation exclusion.

But another aspect of the dispute is the rates that AIG has been paying Redbox's defense counsel.  It appears that Redbox chose counsel that it thought would do the best job, but that AIG has refused to pay those lawyers' full rate, instead only agreeing to pay "panel" rates.  Redbox, apparently, is paying its lawyers the difference between what AIG will reimburse and the full rate, and that differential is now over $2 million.  These kinds of disputes are, unfortunately, quite common in high-stakes litigation where companies want to choose highly-qualified counsel for themselves.

In an effort to show that AIG acted in bad faith in setting its rates, Redbox demanded information on the rates that AIG has paid to defend insureds in other similar cases, and what rates AIG pays counsel in coverage cases where it has to defend itself.  AIG naturally refused (what else would you expect?) asserting that the information is not relevant, that it is proprietary, and that compiling the information would be unduly burdensome.  AIG also attempted to limit the disclosure to the rates that the specific AIG unit that provided insurance to Redbox (National Union) pays, rather than AIG as a whole.

The court rejected all of these arguments.  First, the court held that AIG had opened the door to discovery of rates paid by AIG and all of its subsidiaries by admitting that there is an AIG-wide committee that evaluates law-firm qualifications and sets panel rates.  Second, the court held that nothing in the policy permitted AIG to unilaterally or unreasonably set rates paid to defense counsel, invoking not only Washington law that circumscribes insurer control of defense counsel, but also the duty of good faith and fair dealing (the subject of a recent post on this blog).  Third, the court held that AIG had failed to put in competent evidence that disclosure of the rate information would assist its competitors, and that an existing protective order would be sufficient to shield the information from public disclosure.  Overall, the court showed little patience with the insurance companies' bob-and-weave approach to disclosing critical information.

This decision is an important strike in the ongoing campaign by policyholder advocates to pull back the curtain on insurance company internal business practices that disadvantage insureds and allow insurers to profit.

Insurers Trying to Have It Both Ways on 'First Party' v 'Third Party'

Insurance carrier-side lawyers are celebrating the result in Cox v. Continental Casualty Company, a decision out of the Western District of Washington  in which Judge Pechman held that Washington's Insurance Fair Conduct Act (IFCA) does not apply to claims under liability policies because the policyholder there is not a "first-party claimant," and IFCA specifically refers to "first-party claimants" as the class the statute is intended to protect.  The Cox lawsuit was brought by a group of allegedly injured patients of a dentist who sued the dentist and then took an assignment of  the dentists claims against his malpractice carriers as partial satisfaction of their malpractice claims.  Malpractice insurance is simply one variety of liability insurance, sometimes referred to as "third-party insurance" because it is designed to protect the policyholder against claims brought by "third-party" others (that is, a party other than the two parties to the insurance contract: a "third" party).

In Cox the court took it upon itself to consider whether IFCA's purported limitation to "first-party claimants" means that all claims other than those by policyholders under traditional "first-party" insurance (such as fire insurance, or inland marine insurance) are outside the scope of the statute.  Judge Pechman held that IFCA only encompasses traditional "first party coverage"  insurance relationships, and not liability policies in which policy proceeds are paid to others.  In denying reconsideration of that initial ruling, the court ignored evidence presented by the policyholder that this is not the proper interpretation, including ambiguities in the language of the statute, the fact that liability coverage is often referred to as "indemnity" coverage, and that cases from Washington federal and state courts have applied IFCA to "third-party coverage" situations.  The trial court's decision is wrong, is in the minority, and is likely to be overturned if appealed.  

But for a contrasting view from the insurance industry itself, consider NW Pipe v. RLI Insurance.  NW Pipe is an environmental coverage case from Oregon involving a dispute between one of the larger corporate targets at the Portland Harbor Superfund Site and its primary-layer liability ("third-party") insurer.  The crux of the dispute is whether the limits of the primary-layer policies have been exhausted, meaning that the insurer is off the hook for defense costs.  In NW Pipe the insurer paid for a lot of cleanup-type work on the insured's property, the payment of which clearly eroded some of the limits of the policies.  But those limits were not fully eroded, and it appears that the insured intentionally did not have the insurance company pay for some items to prevent the policies from being exhausted.  Still, the carrier wanted out of its defense obligation, so it sent the insured a check for the balance of the limits (which the insured wisely refused to cash). The insurer then argued to the court that it could force the insured to take the insurance company's money to pay for things that the insured had not asked to be paid for, so that the policies would be exhausted.  You can see where I'm going here: the insurance company in NW Pipe was clearly unconcerned with the "third-party" aspect of this insurance policy (that is, protecting its insured against claims by others) and was completely focused on paying out small benefits to its policyholder in order to further the insurer's larger financial goals.

The insurance industry knows full well that the distinction relied on by Judge Pechman in Cox is only semantic, that liability coverage is fully as much for the benefit of the policyholder as fire insurance, and that policy proceeds in liability coverage are frequently paid directly to the insured.  NW Pipe is but one example.  Hopefully an appeals court will get a crack at the Cox decision and turn it around.

Wash. Court of Appeals Gets It Dead Wrong on What Is a "Suit"

Earlier this week Division One of the Washington Court of Appeals issued its much-anticipated decision in the Gull Industries v. State Farm litigation.  The issue was whether a letter from the state equivalent of the EPA constitutes a "suit" under a standard-form legacy GL policy (that is, a policy issued before the ISO form defined "suit").  Only if something constitutes a "suit" does the insurer have a duty to defend, which in the environmental context often means paying for very expensive investigations and studies of contamination and remediation options.  So there is potentially a lot at stake.

One word describes this Court of Appeals decision: wrong.  Confusingly enough, the decision starts off in the right direction, finding that the term "suit," undefined, is ambiguous.  That's in keeping with that other courts have found, including Oregon's courts.  That's where the decision falls apart: having found an ambiguity, the court should have applied the maxim that ambiguous terms are applied against the drafter (the insurer).  But without any discussion of that standard, rather than adopting a broad, policyholder-friendly interpretation, the court imposed a definition not drawn from any source reflecting the view of an ordinary purchaser of insurance (like the dictionary); rather, the court looked to what other courts had adopted as an interpretation, and picked and chose among aspects of those decisions that it preferred.  The interpretation adopted by the Court of Appeals for "suit" is this: something that "communicate[s] an explicit or implicit threat of immediate and severe consequences" if not responded to and is "adversarial or coercive in nature."

The letter sent by Ecology (the Washington state equivalent of EPA) was in response to a voluntary notification by the policyholder that pollution had been discovered and would be cleaned up.  Ecology told the insured, in response, that it was placing the site on a list of contaminated sites awaiting cleanup.  The letter did not explicitly tell the insured to do anything.  But, as noted by the court, the letter advised the insured that there were specific requirements in state law that cleanup efforts must adhere to.  Implied in that statement is the threat, drawn from the cleanup-requirements statute, that if those standards were not complied with, there will be enforcement action.  But the Court of Appeals completely ignored that reality, simply saying that the letter "did not advise" the insured of those consequences.

The approach taken by Division One has been rejected by many courts, including the Ninth Circuit in Anderson Bros. v. St. Paul Fire & Marine.  In Anderson Brothers the Ninth Circuit affirmed its observation in Aetna Cas. & Sur. v. Pintlar, that the realities of environmental statutes must be considered in deciding whether a communication from a regulatory agency that does not spell out every potential liability or ramification is a "suit."  In Gull Industries the reality was that the the insured, after self-reporting the contamination, was going to constantly be looking over its shoulder to see what Ecology thought of what it was doing.  That makes Ecology's letter a "suit."

The practical effect of decisions like this one is to discourage policyholders from voluntarily entering into agreements with regulators or self-reporting contamination and cleanup efforts.  Instead, policyholders are encouraged to bait regulators into taking explicitly "adversarial or coercive" steps.  That's bad for the environment and bad for the public.  It may be that the Court of Appeals was trying to goad Ecology into changing the wording of its letters, but there's no reason that the burden of solving this problem should be put in the hands of environmental regulators.  This may be a rare circumstance where Washington legislators and policyholder advocates can take a page from Oregon, and enact a Washington version of the Oregon Environmental Cleanup Assistance Act, which (as some of my colleagues have noted) contains a definition of the term "suit" that much broader than the standard adopted by the Washington court.

Washington Court Affirms Bad Faith Verdict In Excess of Stipulated Judgment

Clarifying Washington law, Division I of the Washington Court of Appeals has held that a jury is not limited in what it awards on a bad faith claim to the amount that the policyholder and the claimant had agreed to as the judgment in the underlying dispute.  The set up: in Miller v. Kenny a young driver crashed his car injuring himself and three passengers (the car actually belonged to one of the passengers).  Driver's insurer, Safeco, played games with policy limits and its evaluation of the case, putting the insured at risk of a significant judgment against him well in excess of policy limits.  The insured driver and one of the passengers agreed to a stipulated judgment against the insured that was over policy limits, with an assignment of the insured's claims against Safeco to the passenger, and a covenant that the passenger would not seek to enforce the judgment except to the extent of the passenger's rights against Safeco.  The parties followed Washington's procedures for a reasonableness hearing, and it appears that Safeco did not contest the reasonableness of the covenant judgment.  The judgment was for $4.15 million (exclusive of the policy limits, which Safeco paid).

But at the bad faith hearing the passenger, as assignee of  the policyholder's bad faith claim, put on evidence of damage to the driver caused by Safeco's bad faith that went well beyond the amount of the covenant judgment.  The jury ended up awarding the passenger/assignee $13 million, inclusive of the covenant judgment amount.  Post-trial the court added prejudgment interest, postjudgment interest, and attorney fees, and some of the damages award was trebled under the Consumer Protection Act. The final judgment was for $21,837,286.73.


On appeal, Safeco argued that under Besel v. Viking Ins. Co. of Wisc., 146 Wn.2d 730, 736, 49 P.3d 887 (2002), which held that the amount of a covenant judgment, when found to be reasonable, is the “presumptive measure of the insured's harm,” the jury cannot award more than the amount of the covenant judgment.  Not so, said the Court of Appeals in Miller; the covenant judgment is the presumptive floor to the insured's harm, but not a ceiling.  The Miller court went on to describe the different kinds of harm that the insured can suffer which may be provenin a bad faith action, above and beyond the covenant judgment amount:  damage to "credit rating, damage to reputation, loss of business opportunities, loss of control of the case..., loss of interest, attorney fees and costs, financial penalties for delayed payments, and emotional distress, anxiety, and fear."

Miller is an important milepost in Washington's evolving judicial recognition of the extraordinary power that liability insurers have over the lives of  their insureds, and the catastrophic harm that insurers can cause when they try to play things close to the vest in order to save themselves some money.  Miller may have the unfortunate effect of motivating carriers to contest reasonableness hearings, in order to get an early shot at reducing the net recovery on  a bad faith claim.  In the end, that will be a small price to pay for the benefits of this case (assuming that Miller is upheld by the Washington Supreme Court). 

Adjuster Read Canceled Policy, Denied Claim, Committed Bad Faith

One assumption that even many commercial-lines policyholders make is to assume that the insurance adjuster that they are dealing with is an "expert" on their insurance coverage (ref. "You're in good hands...").  As if anyone needed one more example that that simply is not a safe assumption to make, read in disbelief the case linked below, from Judge Suko in the Eastern District of Washington.  The insured tendered a massive lawsuit to its carrier, whose adjuster apparently read only a canceled policy form as part of his "investigation" prior to denial, and did not catch the fact that coverage was specifically provided by an endorsement to other policies.  Judge Suko very property found that reviewing the wrong policy is per-se bad faith on the part of an insurer.  Fortunately, in Washington the insured is at least in a position to be fairly compensated in extra-contractual damages for that kind of behavior, through Washington's robust bad-faith set of laws.  In Oregon, the story would be different, unfortunately.

DYE SEED, INC. v. FARMLAND MUTUAL INSURANCE COMPANY, Dist. Court, ED Washington 2013 - Google Scholar:

'via Blog this'

Washington Federal Court Permits Deposition of Carrier's Former Coverage Attorney

On October 30, 2013 Judge Martinez of the Western District of Washington permitted the policyholder in a long-running bad faith case to take the deposition of the carrier's former coverage counsel, Joanne Henry, about the coverage analysis that she performed for the carrier leading to the carrier denying the tender of defense.  This decision relied heavily on the landmark 2011 Cedell decision from the Washington Supreme Court which, broadly speaking, abrogated in part the attorney-client privilege where the attorney was acting as an adjuster, taking on one of the "quasi-fiduciary" roles of a potentially defending insurer.  Judge Martinez held that because the policyholder had reason to believe that Ms. Henry did the entire coverage investigation herself, in addition to performing legal analysis of the policy, the policyholder could take her deposition, although the carrier could object if a question that genuinely intruded into the privilege was asked.

Wa. Court of Appeals: Exhaustion of Primary Layer Means Actual Payment

In a new decision that has generated some interest nationally, the Washington Court of Appeals held November 12, 2013 that if an excess policy's attachment language is sufficiently restrictive, the excess policy will not be triggered unless the primary carrier actually pays the full amount of its limits.  In this case, Quellos Group LLC v. Federal Insurance and others, the insured financial advisory firm was called on the carpet by federal regulators for shady tax shelter schemes.  As often happens in such regulatory-type cases, involving disgorgement, fines, damages, and injunctive relief, there were many question about what the primary layer policy would actually cover.  Quellos and its primary-layer carriers settled those coverage disputes with the primary carriers paying Quellos less than full policy limits.  So far, so good.  Quellos then paid the difference between what the primary carriers paid and the primary limits, therefore reaching the "attachment point" for the excess layer policies.

Not so fast, said the Court of Appeals.  The Federal excess policy stated that coverage "shall attach only after the insurers of the Underlying Insurance shall have paid in legal currency the full amount of the Underlying Limit." The Indian Harbor policy stated that coverage "will attach only after all of the Underlying Insurance has been exhausted by the actual payment of loss by the applicable insurers thereunder."  The court read these provisions as literally requiring, as a pre-condition to any coverage, that the primary carrier itself pay the the full limits.  The court rejected Quellos' argument that these provisions should function like many of the other "conditions of coverage" that aren't really conditions at all, but are treated more like exclusions, where the carrier has the burden of showing that it was prejudiced in some way by the insured's failure to comply with the condition.  The court also rejected Quellos' public-policy argument, noting that there are policy forms available that allow the insured to do just what Quellos tried to do in triggering excess coverage.

From the policyholder's perspective this decision is bad news, and it is not in keeping with the general trend (with many exceptions) in Washington law to tackle coverage questions from a practical, policyholder-oriented perspective.  These excess carriers contracted to provide coverage only if a certain amount of liability was assessed and paid out.  What in the world does it matter to them who pays the underlying limit?  Unfortunately this decision is joining a trend in the case law nationally on this issue that is against policyholders.  Hopefully the Washington Supreme Court will accept review and overturn the decision.

Washington Supreme Court Confirms that Washington Insurance Defense Counsel Has One Client: Insured

The Washington Supreme Court has confirmed the long-standing rule in Washington that a lawyer hired by an insurance company to defend an insured has only one client -- the insured -- and that the insurance company is not a client in any respect. This case arose out of a mechanic's lien dispute and evolved into a title insurer malpractice claim against a law firm - an interesting enough situation on its own.  The basic facts are these: a lender for purchase of a piece of land, Sterling, hired a title company -- Stewart -- to make sure that it would have a first priority lien.   Stewart messed up:  a general contractor, Mountain West, had already started work, giving it first priority.  Sterling got sued when Mountain West tried to foreclose on its lien.  Stewart was the title company and also, as is usual, issued a title insurance policy providing liability coverage to Sterling.  Stewart agreed to hire Sterling a lawyer, the well-known and well-respected Witherspoon Kelley firm.  A dispute arose between Witherspoon Kelley and the insurer, Stewart, over strategy.  The case ended badly, and the insurer, Stewart, sued the law firm for malpractice.

The problem for the insurer, Stewart, was that under long-settled Washington law, an insurance company is not a client of the lawyer that it hires to defend its insured.  (That is a different rule than in Oregon, where the insurance company and the insured are both clients of the attorney, with the attorney's primary duty and loyalty to the insured.)  Stewart argued that although it was a "nonclient," because its interests were aligned with those of its insured, it was an "intended beneficiary" of the representation of the insured, and could sue.  The Washington Supreme Court said no, that the "intent" is to be viewed from the perspective not of the insurer, but of the insured and its attorney, and that neither the insured nor the attorney intended to benefit the insurer.  The court also rejected the argument that because the lawyer had a duty to keep the insurance company informed about the case, the lawyer owed the carrier a duty; that contractual obligation, the court found, did not create a duty of care running to the carrier.

The court's holding is consistent with Washington's generally protective attitude toward the attorney-client relationship in the insurance-defense context, and the protections that it has extended in the Tank case and after to policyholders being provided a defense by their carriers.  The court acknowledged that its holding is in conflict with the law in other states.  (No published case law on the subject exists in Oregon, but one would expect Oregon to come out differently than Washington - see above.)  But that, of course, is what makes practicing in the Northwest enjoyable - cross a river, and the law is different!

Wonder Why You Never Hear About Crop Insurance Coverage Disputes? Here's Why

Short decision today from the Washington Supreme Court reversing the Court of Appeals on enforcement of an arbitration clause in an insurance policy.  Here the farmer wanted to sue both the insurance broker and the insurer at the same time to avoid the risk of inconsistent decisions, and having to litigate in two fora.  That's a common issue.  What is notable about the case is the kind of insurance policy involved: crop insurance, which is one of those features of the ag business that most people don't know about.  Crop insurance is issued by ostensibly private companies but underwritten by the federal government, and claims under those policies are tightly governed by federal law.  Part of the law requires that claims be dealt with in a federal arbitration program with very limited rights of review.  The law is so tight that very few folks challenge the arbitrability of these claims, resulting in a whole body of insurance coverage law being created outside of public view (except for the very intrepid) in an industry where losses are frequent and sometimes enormous.  Whether that's good public policy is for others to debate, but at least you know why you don't see courts issuing decisions on crop losses.

Rely On "Certificates of Insurance" At Your Great Peril

I came across this new decision from the Ninth Circuit, on a Washington case (full disclosure: I learned of it courtesy of a national firm's "Lexology" article), and it reminded me of a point that I continually try to hammer home with clients and transactional lawyers, who deal in these things daily: a "certificate of insurance" is barely worth the paper that it is printed on, and is never a substitute for a thorough review of the insurance policy itself.

In this case a hospital contracted with a nursing staffing service to provide skilled nurses.  As part of the deal the hospital required that the nursing staffing service demonstrate that it had adequate liability insurance.  The staffing service provided a certificate of insurance, which the underwriter prepared, showing that it had $5m of insurance.  Great.  What the certificate didn't show was that there was a $1m self-insured retention (SIR), meaning that the staffing service was responsible for the first $1m of any loss.  A patient was injured and sued both the hospital and the staffing service; damages were slightly less than $1 million.  The hospital convinced the plaintiff to drop the claim against the hospital by showing plaintiff's lawyer the certificate indicating plenty of coverage.  Plaintiff dropped the hospital, but when it got a judgment against the staffing service within the SIR, the service could not pay, and declared bankruptcy.  The plaintiff succeeded in getting its claim against the hospital revived.  Hospital sued the insurance company and the underwriter claiming that the certificate was deceptive.  Problem: the certificate (a standard form) has no blank for SIR or deductible, despite the fact that that is absolutely critical information.  The Ninth Circuit agreed with the trial judge that the hospital had no claim.

Lesson: if you do not have a long-standing business relationship, don't just ask for the certificate of insurance when entering into any kind of contract where insurance matters (and there are few such contracts) - ask for the policy itself, with all declarations and endorsements, and have it reviewed by someone familiar with insurance policies and finding "holes" in coverage, like a large SIR.

Washington Court Smacks Down Lloyd's Effort to "Cook the Books"

Subcontractors on construction projects are commonly required to provide "additional insured" liability coverage to the general contractor.  The coverage is available to the extent that the general is liable because of the subcontractor's negligence - which is the case most of the time.  In Oregon it is rare for a subcontractor's carrier to actually agree to defend a general contractor because of a lack of bad faith exposure.  However, in Washington it is much more common, thanks to Washington's pro-policyholder coverage law.  That makes it much more expensive for the subcontractor's carrier, who has to defend two entities.  In this case the carrier for the subcontractor, Lloyd's, tried to terminate its obligation to defend the general contractor by paying for the subcontractor to settle with the underlying claimant, and including language in the settlement agreement "stipulating" that the subcontractor actually had no liability (obviously a subterfuge, because if that were true Lloyd's would not have settled the case).  Then Lloyd's stopped paying to defend the general contractor.  In a coverage action between the general's carrier (Zurich) and Lloyd's, Judge Bryan saw clear through Lloyd's breach of its duties to its additional insured, the general, denying summary judgment to Lloyd's for breaching a contractual duty to defend, and suggested that there may be a claim for bad faith in there as well.

We see these kinds of aggressive carrier tactics every day.  It is nice to see a judge calling a carrier out on it.


ZURICH AMERICAN INSURANCE COMPANY v. CERTAIN UNDERWRITERS AT LLOYD'S LONDON, Dist. Court, WD Washington 2013 - Google Scholar:

'via Blog this'

Washington and Now Idaho Limit Attorney-Client Privilege in Bad Faith Cases

My former colleagues at Bullivant Houser Bailey have done a nice job of summarizing two recent decisions, one from Washington and one from Idaho, limiting the application of the attorney-client privilege where outside coverage counsel participates in a fact investigation for coverage purposes.  Both decisions (Idaho's Stewart Title v. Credit Suisse in federal court, Washington's Cedell v. Farmers in state court) made it clear that an insurance company cannot seek to shield a coverage determination made in bad faith behind the privilege by using outside counsel, whether it's a first-party or a third-party coverage issue.  In both cases the insured sought discovery of counsel's work product to support a bad-faith claim.  It is hard enough to prove bad faith in either state; it's nice to see judges recognizing a common carrier tactic for what it is: an effort to make it nearly impossible.



'via Blog this'