Retailers have an interest in knowing who their customers are and what they like buying. Some retailers request information like zip codes from their customers in order to determine other information about them to use in their marketing and advertising efforts. The California Supreme Court recently held that such requests, and the use of information culled from those requests, might expose retailers to liability. Retailers confronted with lawsuits asserting such liability should look to their comprehensive general liability (CGL), directors and officers (D&O), and errors and omissions (E&O) policies for "advertising injury" coverage. Insurance companies, however, often take an improperly narrow view of the broad advertising injury insurance coverage included in CGL policies. Understanding advertising injury coverage and other liability insurance allows policyholders to access valuable insurance coverage for privacy violation claims.
Coverage Under Liability Insurance
Depending on the form of CGL policy, advertising injury provisions may cover liability for intellectual property claims and privacy violations. Coverage includes payment of attorney's fees incurred in defending such actions, as well as potential recovery for settlements or judgments paid in such actions. Some CGL policies exclude coverage for privacy violations under the Telephone Consumer Protection Act, but, notably, do not specifically exclude coverage for violations of credit card protection laws.
Violations of Consumer Privacy
In Pineda v. Williams-Sonoma Stores, Inc., the Supreme Court of California addressed the 1971 Song-Beverly Credit Card Act which prohibits businesses from requesting that cardholders provide "personal identification information" during credit card transactions, and then recording that information. In Pineda , "Plaintiff sued defendant retailer, asserting a violation of the Credit Card Act." The plaintiff alleged "that while she was paying for a purchase with her credit card in one of defendant's stores, the cashier asked plaintiff for her zip code. […] Believing it necessary to complete the transaction, plaintiff provided the requested information and the cashier recorded it." The plaintiff further alleged "that defendant subsequently used her name and zip code to locate her home address." The Pineda court held that "a zip code constitutes 'personal identification information' as that phrase is used in section 1747.08 [and,] [t]hus, requesting and recording a cardholder’s zip code, without more, violates the Credit Card Act."
Other states have similar credit card consumer protection laws, so retailers have potential exposure to liability for violating consumer privacy nationwide. Indeed, it has already been reported that class actions have been commenced against retailers alleging violations of consumer privacy under credit card consumer protection laws.
Advertising Injury Provisions
Courts are just beginning to address whether there is coverage under CGL policies for violations of consumer privacy under credit card consumer protection laws. That said, courts have found that advertising injury provisions in CGL policies cover similar violations of privacy.
Courts have consistently found that advertising injury provisions in CGL policies confer a duty to defend and indemnify policyholders for so-called "blast fax" violations of the Telephone Consumer Protection Act, if the policy contains no express exclusion for these claims. For example, the Supreme Court of Florida in Penzer v. Trans. Ins. Co. answered a certified question from the U.S. Court of Appeals for the Eleventh Circuit regarding insurance coverage under the advertising injury provisions for unsolicited fax advertisements sent in violation of the act. The court held "that an advertising injury provision in a commercial liability policy that provides coverage for an 'oral or written publication of material that violates a person's right of privacy' provides coverage for blast-faxing in violation of the [Telephone Consumer Protection Act]."
Policyholders should argue that, like Telephone Consumer Protection Act violations, violations of credit card consumer protection laws are covered under their CGL policy's advertising injury provisions, specifically those providing coverage for "oral or written publication of material that violates a person's right of privacy." Policyholders also should consider tapping their D&O and E&O insurance to cover liability stemming from credit card consumer protection laws.
Do Not Take No for an Answer!
When insurance companies face novel claims, their first reflex is often to deny them improperly, forcing policyholders to fight for coverage. Insurance companies know that denying claims on even dubious grounds will induce a percentage of policyholders simply to walk away. Do not help pad their profit margins. If a claim falls under the advertising injury provisions of your CGL policy or other forms of liability insurance, do not take no for an answer.