InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
California judge limits plaintiffs’ ability to seek certain punitive damages in internet data breach
On March 9, the U.S. District Court for the Northern District of California partially granted a motion to dismiss limiting plaintiffs’ ability to seek certain punitive damages for data breaches. The court also held that the plaintiffs cannot seek claims under the California Customer Records Act (CRA). The consolidated litigation results from announcements that hackers had breached the defendant’s systems and accessed users’ personal information in multiple attacks between 2013 and 2016. While the court kept several claims alive, including one alleging company executives purposefully concealed the hacks and others related to good faith and fair dealing, the court found the plaintiffs had failed to establish when the company learned about the 2013 and 2014 hacks, which warranted dismissal of most of the claims brought under the CRA. With respect to the limit on punitive damages, the court held that there is no punitive remedy for the alleged breaches relating to the breach of contract and CRA claims. However, the court did allow the plaintiffs to seek punitive damages for concealment, negligence, and misrepresentation related to the executives’ alleged suppression of the breach.
10th Circuit upholds TCPA statutory damages as uninsurable under Colorado law
On February 21, the U.S. Court of Appeals for the 10th Circuit affirmed a district court’s decision that under Colorado law, an insurance company had no duty to indemnify and defend its insured against TCPA claims seeking statutory damages and injunctive relief. According to the appellate opinion, the FTC and the states of California, Illinois, North Carolina, and Ohio sued a satellite television company for violations of the TCPA, Telemarking Sales Rule (TSR), and various state laws for telephone calls made to numbers on the National Do Not Call Registry (FTC lawsuit). The FTC lawsuit sought statutory damages of up to $1,500 per alleged violation and injunctive relief. The defendant requested that its insurer defend and indemnify it for the claims pursuant to existing policies. The insurance company filed a complaint for declaratory judgment, seeking a declaration that it need not defend or indemnify the company in the FTC lawsuit. The district court determined that there was no coverage for several reasons, including: (i) that the statutory TCPA damages were a “penalty,” rendering them uninsurable under Colorado law; and (ii) that the injunctive relief sought did not qualify as damages under the policies’ definition. The 10th Circuit Court of Appeals affirmed both holdings, concluding that no coverage existed.