March 1, 2016 by

Computer Data: Is It Tangible Property & Subject to “Physical Loss or Damage”?

Business policy holders were scratching their collective heads – for the purposes of insurance – to find out if stored data in the form of media, software, or programs are deemed “tangible property.” Alternatively, could computer data be subject to “physical loss or damage”?

Understandably, insurance buyers started looking into these two questions from the early days of the internet, at a time when the insuring agreements looked like commercial general liability or, alternatively, commercial property insurance policies. These policies looked in to the concepts of both “tangible property” and “physical loss or damage.”

Standard commercial general liability insurance (CGL) policies routinely protects the buyer against the liability of “property damage,” also defined as “physical injury to tangible property.” The standard commercial property insurance form also insures the buyer against “all risks of physical loss or damage.”

In the age of the internet and multimedia wherein computer data is all too relevant to everyday enterprise, it may come as a surprise that the commercial insurance policies concerning computer data is still unclear. This is despite the fact that:

  • Several insurers who offer both CGL and property policies have paid claims that involve computer data.
  • Certain off-the-shelf insurance forms brazenly recognize computer data as “tangible property” or subject to “physical loss or damage.”
  • Some insurers also take the position that computer data is, in fact, “tangible property” or subject to “physical loss or damage.”

The issue here is that some insurers might still challenge this general consensus in court if a claim comes in where in the policy does not plainly address the issue. The lack of a clear case law on this particular subject can leave commercial insurance buyers disillusioned and in the dark, unaware of the scope of coverage offered for computer data losses by their insurers.

Let’s take a look at some cases where court decisions dealt with the all-important question, specifically for insurance coverage.

Computer Data: Subject to “Physical Loss or Damage”?

Looking back, one federal court in Kansas may have been the first court to have issued a published decision that addressed the question of whether a first-party, standard-form policy would protect the insured party against the loss of computer data.

A meat packing plant purchased a computer system to help in tracking inventory efficiently and with controlled cutting. The computer system failed to retain the data that was stored in it when it went online. Quite simply, the lack of data meant the packing plant suffer a decrease in the number of orders and a lower yield than normal with carcass. [Home Indemnity Co. v Hyplains Beef, L.C., 893 F Supp 987 (D Kan 1995), aff’d without opinion, 89 F3d 859 (10th Cir 1996)).]

The court that observed the claim raised several questions including:

“Among these are whether there could in fact be a “direct physical loss” to the electronic data which was allegedly collected but never existed in a tangible form. Also, because the electronic data never existed in a usable form, was it in fact lost or rather did it never come into existence?”

The court, however, did not or could not answer this question. Instead, it stated that there was no coverage for the packing plant’s business-loss claim. The reason for the verdict? The decrease in plant efficiency did not result in a total “suspension” of the meat packing plant’s operations.

Is Computer Data “Tangible Property”?

Let’s take a case wherein both standard-form CGL insurance policies and a first-party employee theft policy collectively raised the question whether computer data was “tangible property,” for the purposes of insurance policies’ definition of “property damage.”

An early case from 1983 saw the insured party install a faulty controller in a data processing system belonging to one of its customers. This caused random data loss of the customer’s patient care and billing information. In taking the stance that the customer would not expressly be able to prove any “physical injury to tangible property,” the insurer refused to defend the claim. The court took the position that the insurer was obligated to defend the claim because there was the potential possibility of the customer proving that there may have been damage to tangible property. Since the only issue here was the duty to defend, the court did not go as far as deeming that computer data was – tangible property. [Centennial Insurance Co. v Applied Health Care Systems, Inc., 710 F2d 1288 (7th Cir 1983)]

Closer to the present, in 2000, a court had to decide whether the loss of computer data could be deemed “physical loss or damage” to property. In the spotlight was a federal court in Arizona that held that the loss of computer data was “physical damage” incurred by the insured claimant’s computer equipment. The insurance was filed under a business interruption policy. The company, Ingram Micro, suffered loss due to a brief electrical outage. During the outage, the company suffered the loss of its data processing capability at its data center hub location, for several days on end. The loss of productivity was due to the fact that the system’s default programming was replaced with its custom configurations.

In this case, the insurer argued that the computer system had not suffered any “physical damage” since the computers reverted to their default programming, fulfilling their inherent abilities to accept and process data. However, the court disagreed in this instance, noting that “physical damage” went beyond the physical destruction or harm of computer hardware circuitry. In a landmark verdict, the court deemed that “physical damage” also included the “loss of access, loss of use, and loss of functionality.”

While Ingram Micro did not specifically answer the question of computer data damaged was “physical loss or damage,” the company took the stand that when computer data stored in a computer is altered or changed, the computer suffered “physical loss or damage” right there. [ American Guarantee & Liability Insurance Co. v Ingram Micro, Inc., 200 U.S. Dist LEXIS 7299 (D Ariz Apr. 18, 2000)]

Where does this leave insurance buyers? In a follow up article, we will be looking at the arguments that insured claimants can make during the time of claiming. The article will also detail the different ways in which insurance buyers can address these issues during renewals of their policies.

 

About the author

Image of Author

Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.

Related articles

Former Rutgers Student Pleads Guilty to Creating Mirai Botnet

A former Rutgers university student is among three men who pleaded guilty to creating the dreaded...

Read more arrow_forward

Hackers Invade Safety System of Critical Infrastructure Facility

Hackers, presumed to work for a nation-state, recently hacked a safety system belonging to a...

Read more arrow_forward

New Ransomware ‘Spider’ Threatens Wipeout in 96 Hours

A new strain of ransomware discovered by security researchers encrypts files and gives victims a...

Read more arrow_forward