Skip to Content



California Court Holds Commercial General Liability Policy Covers Damages for Privacy Breach

Blogs, Insurance Coverage

In a recent decision, the U.S. District Court for the Central District of California held that the plaintiff/insured was entitled to a defense and indemnification under a commercial general liability policy for an alleged privacy breach. Hartford Casualty Insurance Co. v. Corcino & Associates, CV 13-3728 GAF (JCx) (C.D. Cal. Oct. 7, 2013).

Plaintiffs in the underlying action sued Stanford Hospital and Clinics and Corcino & Associates (“Corcino”) for the alleged dissemination of private medical information of almost 20,000 patients of Stanford’s Emergency Department on a public website. Specifically, the underlying complaints alleged violations of the patients’ constitutional rights of privacy, common law privacy rights, and violations of California statutory rights under the Confidentiality of Medical Information Act (“CMIA”) and the Lanterman-Petris-Short Act (“LPS”).

Following the commencement of the underlying action, Corcino sought a defense and indemnification from Hartford Casualty Insurance Company (“Hartford”) under a commercial general liability policy (“Policy”) issued by it to Corcino. Hartford accepted the defense with a reservation of rights and commenced a declaratory judgment action seeking a declaration that it had no obligation to defend and indemnify Corcino with respect to the underlying litigation.

Coverage B – Personal and Advertising Injury” – of the Policy provided coverage for amounts that Corcino was legally obligated to pay as damages “because of … electronic publication of material that violates a person’s right to privacy.” However, this coverage was subject to various exclusions. In particular, the Policy carved out by way of exclusion:

[P]ersonal and advertising injury… arising out of the violation of a person’s right to privacy created by any state or federal act. However, this exclusion does not apply to liability for damages that the insured would have in the absence of such state or federal act.

In its complaint, Hartford did not dispute that the underlying litigation involved claims that Corcino violated the underlying plaintiffs’ rights to privacy. Instead, Hartford argued that there was no coverage because the statutory relief sought in the underlying litigation fell within the above-stated exclusion.

The California Federal Court granted Corcino’s motion to dismiss with prejudice. In its decision, the Court reiterated the general rule that “insurance coverage is interpreted broadly so as to afford the greatest possible protection to the insured, whereas exclusionary clauses are interpreted narrowly against the insurer.” Applying this rule of construction, the Court held that the Policy’s exclusion did not bar coverage because the patients’ right to privacy existed as a constitutional and common law right long before California’s CMIA and LPS statutes were enacted. In other words, the patients’ claims of violations of their right to medical privacy were valid causes of action even without the California statutory violations and therefore fell within the exception to the exclusion.

The Court went on to find that Hartford would be obligated to indemnify Corcino for any statutory penalties awarded under CMIA and LPS. The Court reasoned California’s statutes did not create new privacy rights but rather created effective remedies for the breach of an established privacy right. Therefore, the Court held that statutory damages awarded under CMIA and FPS fell within the Policy’s coverage.

 For a complete copy of Order click here