Upon learning that his obituary had been published in the New York Times, Mark Twain famously quipped, “Reports of my death have been greatly exaggerated.” The same can be said about class action lawsuit filings after the Supreme Court’s decisions in Wal-Mart Stores, Inc. v. Dukes, 131 S. Ct. 2541 (2011) (plaintiffs required to show convincing proof of a companywide discriminatory pay and promotion policy to proceed with an employment discrimination class action), and AT&T Mobility LLC v. Concepcion, 131 S. Ct. 1740 (2011) (enforcing AT&T’s individual claim dispute arbitration procedures in lieu of class actions). Despite predictions of their demise in the wake of those decisions, class action filings remain alive and well, especially in the areas of privacy/data breach, fair wage and labor, and securities claims.
Even with the continued prevalence of class filings, receipt of a class action complaint can be a startling event for any company, particularly one that is not accustomed to litigation. But one of the most important things any class action defendant should do immediately is examine whether the lawsuit potentially triggers any of the policies in the company’s insurance portfolio. Insurance coverage can mean the difference between bankruptcy and survival for a business confronted with possible “bet the company” litigation. Defense against even meritless class action claims can be hugely expensive, even if the case eventually is dismissed or class certification is denied.
General Insurance Coverage Considerations Upon Receipt of a Class Action Complaint
Class actions claims can raise some unique insurance coverage challenges, but generally, issues of whether an insurer has a duty to defend and indemnity a class action claim are analyzed no differently from any other claim. The four corners of the complaint must be examined against the terms of the insurance policy. The mere possibility that any of the claims alleged in the complaint could be covered usually is enough to trigger an insurer’s defense obligation for the entire case. From the standpoint of a class action defendant, an immediate defense, sometimes called “litigation insurance,” is often the most crucial feature of a liability policy’s coverage.
All liability policies, regardless of whether they are occurrence-based or claims-made, have time-sensitive notice provisions that cannot be ignored. Providing notice of a class action lawsuit under all potentially implicated policies must be a priority when an entity is confronted with a class action lawsuit. Insureds should not wait to see if a class is certified before providing notice.
Deciding what policies are potentially triggered by a class action lawsuit can be tricky because the complaint may not contain complete information about important details impacting the insurer’s coverage obligations. For example, even if there are comprehensive allegations concerning injury to the named plaintiff, the complaint may not set forth similarly precise allegations about the insured’s alleged wrongful conduct as to other putative class members. But because the duty to defend is generally very broad, insureds should protect themselves by erring on the side of providing notice under all potentially impacted policies. Failure to do so can bar coverage in certain circumstances.
An insurer whose coverage is only potentially implicated likely will agree to provide a defense under a reservation of rights. But if it later becomes clear that the claim is not covered, the insurer may be able to terminate its defense of the class action. Whether an insurer is entitled to reimbursement of defense costs in such a circumstance is a matter of individual state law. Insureds should seek the advice of counsel if an insurer requests that the insured agree to such reimbursement in exchange for the insurer agreeing to defend at the outset of the class action lawsuit.
Privacy Violation/Data Breach Class Actions
Entities that experience a breach are instantly thrust into a crisis situation. They must identify and remediate the breach, notify affected individuals and possibly government authorities, pay regulatory and/or credit card industry fines, and deal with a public relations fall out — all while trying to keep the business going. And if that’s not enough, more and more often, the breach culminates in the filing of a class action lawsuit.Coverage for privacy violation class actions might be found under certain provisions of traditional liability policies, such as commonly used commercial general liability (CGL) forms, but that can be an uphill battle. For example, electronic data may not be considered “tangible property” that would be covered under such policies, and many CGL policies now specifically state that it is not. But most policies provide some coverage for invasion of privacy claims, which could come into play when a data breach results in the disclosure of confidential personal information. And in a recent Sixth Circuit case, Retail Ventures, Inc. v. Nat’l Union Fire Ins. Co., 691 F.3d 821 (6th Cir. 2012), the court held that a computer fraud rider to a “Blanket Crime Policy” provided coverage for a hacker’s theft of customer credit cards and checking account data.
Unlike traditional policies, cyber insurance was specially designed to apply to data breaches. Most policies provide first party coverage for business interruption, breach remediation, notification to affected parties, including credit monitoring, public relations assistance, and damage to digital assets. Third party coverage is provided for third party lawsuits and regulatory actions arising out of a breach and media liability. Many policies also cover regulatory and payment card industry fines. Cyber insurers often have panels of specialized professionals who immediately spring to action in the event of a breach so that its effects can be mitigated. Because time is of the essence for legal, regulatory and reputational reasons, the special benefits of cyber insurance can be invaluable to an entity suffering a data breach.
Wage and Hour Claims
A number of exclusions in CGL policies, particularly the Employment Related Practices and Intentional Acts exclusions, are likely to apply to many employment-related claims. In addition, because the plaintiffs in such cases often claim to have suffered emotional distress and similar damages, the alleged harm may not constitute an occurrence under a CGL policy, unless the governing state law considers such claims to be “bodily injury” within the meaning of the policy.
Employment Practices Liability (EPL) policies are specifically designed to respond to employment-related claims. EPL policies provide coverage for a variety of claims, including wrongful dismissal, harassment, discrimination and failure to adopt adequate workplace or employment policies and procedures. But likely as a result of the proliferation of wage and hour and Fair Labor Standards Act (FLSA) class actions, many EPL policies now expressly exclude such claims. But just several months ago, at least one insurer (Marsh Inc.) introduced a new policy that will reimburse companies for defense costs, settlements and judgments for claimsfor violations of FLSA or similar state and local laws.
Although securities filings were down in 2012 compared with 2011, they still dominate the litigation landscape. They include claims based on breach of fiduciary duty, including merger objections, shareholder derivative suits, securities fraud and violation of the Foreign Corrupt Practices Act (FCPA). Suits against financial institutions continue to be most prevalent in the wake of the recent credit and subprime crises. Unfortunately for the defendants in these cases, lower trends in case filings are not resulting in lower defense costs, in part because additional claims, such as shareholder derivative and ERISA claims often are now included in securities class actions. Broadly speaking, class action lawsuits resulting from these events are based on claims that the defendant corporation’s directors and officers had knowledge of various risks and failed to make adequate disclosures, breaching their fiduciary obligations and causing loss to investors.
Directors and Officers (D&O) insurance is designed to provide coverage for board members and officers of the insured company against losses that may result from alleged errors in judgment, breaches of duty, or wrongful acts in the course of their work for the insured entity. Errors and Omissions (E&O) insurance covers liability for acts and omissions in the performance of professional services. D&O and E&O policies, as well as any Personal Director’s Liability policies, should be closely reviewed immediately upon receipt of any securities-related class action complaint. Importantly, because such policies are written on a claims-made basis, insureds must be particularly conscious of providing notice under any potentially implicated policies on a timely basis.
Insurance coverage can provide a lifeline to companies that have been targeted by a class action lawsuit. Even unfounded class actions can be costly to defend and resolve. The crucial take-away message is that all existing insurance policies should be examined for potential coverage immediately upon receipt of any class action complaint, and notice to all possibly impacted insurers should be provided without delay