Is Computer Data "Tangible Property" or Subject to "Physical Loss or Damage"?—Part
2
November 2001
In this second of a two-part article, Catherine
Rivard and Michael Rossi address these questions and discuss the lack of a definitive
answer by the courts. They also reveal some of the ways insurers are responding
to the property and liability risks associated with computer data.
by Catherine L.
Rivard and Michael A. Rossi1
Insurance Law
Group, Inc.
In our last article, we pointed out that in the
year 2001 there has been no definitive answer from the courts as to whether
electronically recorded or stored information—for example, data, programs, software
and other media (hereinafter "computer data")—is "tangible property." Nor has
there been any definitive answer from the courts as to whether computer data
is subject to "physical loss or damage." We found the lack of definitive case
law to be somewhat surprising after the flurry of early 1990s decisions in which
some courts suggested these were important questions that should be explored.
Without definitive guidance from the courts, many companies are asking what
to do at claim time as well as what to do at renewal time. This article will
address these questions and more, as we reveal some of the ways in which insurers
are reacting to the property and liability risks associated with computer data.
What Can the Policyholder Do at Renewal Time?
As we showed in Part 1 of this article, the case
law seems to be trending in the direction of the policyholders with respect
to whether computer data is "tangible property" and whether the loss of computer
data constitutes "physical loss or damage." Still, without more definitive guidance
from the courts, a hotshot claims adjuster can create a nightmare for a policyholder
with a claim involving lost computer data. As a result, some buyers of business
insurance have been looking beyond the standard-form language of their policies,
asking their insurers to address e-commerce issues with explicit language in
the policies.
Express Language to Address Computer Data Losses
Some companies have found that the simplest way to address the question of
whether computer data is "tangible property" in general liability policies is
to add specific language defining "tangible property" to include software, programs,
and data. This strategy is the mirror image of some technology errors and omissions
(E&O) policies, which expressly state that data, programs, and software are not tangible property and therefore
are not excluded under the "property
damage" exclusion typically found in such E&O policies.
First-party property claims often involve some tangible medium that can be
considered damaged if data that was stored there is erased. Thus, the threshold
concern with respect to property policies is the concern over whether the covered
perils are defined broadly enough to include the causes of loss that computer
data is likely to be subject to. To address this concern, some companies are
asking their property insurers to confirm in explicit policy language that disruption,
corruption, deletion, theft, or copying of data, software, or programs is deemed
to be "physical loss or damage."
This simple modification, however, may not be enough to ensure adequate coverage
for computer data losses. In the context of a first-party property loss, the
question of whether the loss was caused by a covered peril is only the beginning.
Nearly as important is the question of how much coverage the policy affords.
Valuation provisions can be critical when it comes to computer data losses.
Some policies contain language that limits coverage for loss of information
stored on media to the cost of the blank media. When both the insurer and the
policyholder agree that computer data is to be covered, the valuation clause
should provide for coverage for the cost of restoring the data from backup,
as well as for the cost of replacing or reconstructing the data if backup data
is not available.
Another wrinkle in the valuation of computer data losses is the cost of establishing
that lost data cannot be replaced or restored. Some commercial property insurance
policies provide that if lost data is not restored or reconstructed after a
period of time, say 1 or 2 years, there is no coverage at all. But what if—after
much effort—it is discovered that the data cannot be reconstructed? Policyholders
may want to negotiate a provision granting coverage for the sometimes substantial
cost of making the determination that reconstruction of data is impossible.
And the desire to address these issues should not be limited to commercial
property policies. Policyholders should consider addressing the same issue in
commercial crime policies. Some crime policies limit coverage to loss of money,
securities, or "tangible property." Some crime policies also have very narrow
valuation provisions for losses involving computer data (expressly stating that
the cost to restore lost data is not covered).
And all crime policies we have reviewed to date lack specific, and favorable,
valuation provisions for computer data like that which is typical in commercial
property policies.
The foregoing paragraphs discuss only a sampling of the issues that are likely
to arise with respect to coverage under standard general liability, property,
and crime policies for losses to computer data. Space does not permit a full
discussion of every typical policy provision that could impact the existence
or extent of coverage for computer data losses. As always, an insurance buyer
should review the policy provisions carefully while at the same time trying
to imagine how that language may be applied to a computer data loss.
Some Insurers Respond Negatively
It is true that some companies have been successful in negotiating express
language in their policies to clarify the existence of coverage for computer
data losses. But there is no guarantee that all insurers will agree to include
the clarifying language, or that any insurer that does agree will do so for
all insureds. In fact, a few insurers—spurred by new computer virus and/or computer
data exclusions in their reinsurance treaties—have been inserting similar computer
virus and/or computer data exclusions in their insureds' policies at renewal.
Thus, at least some insurers are taking the bull by the horns and are themselves
proposing policy language that diminishes, rather than clarifies, coverage.
When an insurer proposes to add a new computer virus and/or computer data
exclusion, the policyholder should check the language of the exclusion very
carefully. Some of the new exclusions only apply to losses caused by a computer
virus. The fact that such an exclusion is contained in the policy may imply
that computer data losses are covered as long as the cause of loss is not a
computer virus. But some insurers are going beyond simply excluding losses caused
by computer virus. Some of the new exclusions expressly disclaim coverage for
any corruption or deletion of, or detrimental change to, or loss of use, impairment
of use, or loss of functionality of computer data or software.
Each policyholder's situation is different, and each will be faced with a
decision: whether to (1) seek another market; (2) knowingly assume the risk
of "going bare" with respect to computer virus losses, or any computer data
losses, as the case may be; or (3) purchase a specialized "e-commerce" policy
and undergo a rigorous underwriting process with extensive involvement of the
policyholder's information technology personnel.
In the meantime, some policyholders will be faced with claims triggering
policies that do not contain clarifying language of any kind. What might those
companies be able to do at claim time?
What Can the Policyholder Do at Claim Time?
Companies that have been proactive in addressing coverage for computer data
in their insurance policies—up-front, before a claim is made or a loss is suffered—will
have greater peace of mind knowing that claim-time surprises have been minimized.
But there remain many companies that have not yet even thought to bring e-commerce
issues to the table when negotiating their insurance policies. And even those
companies that are negotiating favorable provisions covering computer data losses
may yet face claims under prior policies that are silent with respect to the
treatment of computer data.
Without any clear answer from the courts, coverage for any individual claim
may well turn on factors such as the state of the market, the relationship between
a particular policyholder and its insurer, and the size of the claim. Still,
a policyholder faced with the insurer's denial of coverage will have ammunition
toward getting its claim paid.
Arguments in Favor of Coverage for Computer Data Losses
In the case of a third-party liability claim submitted under a commercial
general liability (CGL) insurance policy, the case law (discussed in our last
article) tends to support the notion that computer data is tangible property,
particularly when merged into a medium such as a disk or hard drive. Many computer
data claims can be characterized as claims involving damage to the medium in
which the data was stored. Thus, a policyholder may argue that when data is
accidentally erased from a disk, the disk ("tangible property") has been altered
and thereby damaged. This same strategy could be successful in first-party claims
as well. Altering the arrangement of electrons on a disk or hard drive is a
physical change in the structure of the disk or hard drive.
One fact that weighs in favor of policyholders is that most insurers have
paid claims involving computer data over the last several years, setting up
precedent that could make it difficult for other insurers to march in the other
direction. Although some insurers' introduction of computer data exclusions
may make renewals more challenging, the fact that such insurers thought it necessary
to add an express exclusion implies that these insurers expect computer data
would have been covered in the absence of the exclusion. At the very least,
it is evidence that a reasonable insured could have read the pre-exclusion language
to include such coverage.
The Tax Cases
Faced with a scarcity of decisions interpreting insurance policy language
in computer data loss cases, some policyholder attorneys have turned to tax
law to supply answers to the question of whether computer data is tangible property.
A court that is called on to decide whether computer data is subject to taxes
on "tangible property" cannot duck the question, as the courts in the insurance
cases have done. Still, although courts in tax cases have reached answers to
difficult questions, there is no consensus as to the correct answer. Thus, even
if the tax cases can be considered predictive of whether the loss of computer
data will be considered "physical damage" to "tangible property," the forecast
varies depending on which state's courts are involved.
For example, in South Central Bell Telephone Co.
v Barthelemy, 643 S2d 1240 (La 1994), one of the leading cases in this
area, the Louisiana Supreme Court held that certain software programs were taxable
"tangible personal property." Central to the court's reasoning was the fact
that the intellectual content was affixed in a tangible physical medium. As
the court explained,
When stored on magnetic tape, disc, or computer chip, this software,
or set of instructions, is physically manifested in machine readable form
by arranging electrons, by use of an electric current, to create either
a magnetized or unmagnetized space.... The software at issue is not merely
knowledge, but rather is knowledge recorded in a physical form which has
physical existence, takes up space on the tape, disc, or hard drive, makes
physical things happen, and can be perceived by the senses.... The purchaser
of computer software desires nor receives mere knowledge, but rather receives
a certain arrangement of matter that will make his or her computer perform
a desired function.... One cannot escape the fact that software, recorded
in physical form, becomes inextricably intertwined with, or part and parcel
of the corporeal object upon which it is recorded, be that a disk, tape,
hard drive, or other device. (Id.)
After Barthelemy, the Utah Supreme Court suggested
that the notion of "tangible property" might extend beyond data-as-embodied-in-a-medium
to the electronic signals themselves in South Central
Utah Tel. Assn. v Auditing Div. of Utah State Tax Commn., 951 P2d 218,
223–24 (Utah 1997).
Courts elsewhere, however, have held otherwise. For example, in Northeast Datacom, Inc. v City of Wallingford,
563 A2d 688, 691–92 (Conn 1989), the Connecticut Supreme Court determined that
the state's property tax on "tangible personal property" could not be assessed
on data, but only on the value of the magnetic disks and tapes on which the
data was stored. The court drew a sharp distinction between "tangible" and "intangible"
property, explaining that tax assessor had improperly attempted to tax the intangible
incidents of the software, such as the right to produce and sell copies of the
software and the right to license its use to others.
An Arizona court likewise held that its state property tax scheme, long construed
to be inapplicable to intangible property due to the state's failure to devise
a method of valuing intangible property, would not apply to computer software.
See Honeywell Information Sys., Inc. v Maricopa County,
575 P2d 801, 803 (Ariz App 1977).
The view that computer data is not "tangible property" is not confined to
older decisions. Just last year, a Florida appellate court, though conceding
that the question was difficult, found that computer data was not "tangible
property" for purposes of the state's ad valorem tax. See Gilreath v General Electric Co., 751 S2d 705,
708–09 (Fla App 2000).
Thus, even if the tax cases can be considered as precedent for the questions
of whether the loss of computer data will be considered "physical damage" to
"tangible property" under an insurance policy, the precedent may be favorable
or unfavorable to policyholders depending on which state's courts are involved.
Also, other factors make it difficult to gauge whether courts attempting to
interpret insurance policies are even likely to follow precedent developed in
tax cases. The outcome of a tax case may rest on the attitude of a state's courts
toward taxation, which may have little or no relevance to the enforcement of
private contracts.
A presumption against taxation may be the deciding factor if the court determines
the language in a tax statute is ambiguous, while ambiguous language in an insurance
policy usually works in favor of the policyholder. But the precedents exist,
giving ammunition to lawyers for both insurers and insureds that may seek to
press the issue in litigation.
Summary and Upcoming Articles
We hope that this article proves useful for policyholders, brokers and others
in the insurance industry as we all try to grapple with these very important
issues, which will arise time and again in the coming months during renewals
and at claim time. We will continue to monitor these issues, both from a claims
perspective and policy renewal/placement perspective, and attempt to provide
useful updates in this column.
In the meantime, we feel compelled to turn our attention to two different
issues in coming articles. In our next article we will address the question
of whether there is any difference between "professional services" as covered
by professional liability policies, and Business-to-Business and Business-to-Consumer
e-commerce activities. Do professional liability policies cover claims arising
from such activities (i.e., are B2B and B2C e-commerce activities covered professional
services)? Our upcoming article represents an evolution of our thinking as expressed
in our articles from last year, given several developments we have witnessed
since we wrote those articles.
The article after that will provide a report on what we are seeing in the
first-party e-commerce insurance market. As reported earlier, and as alluded
to in this article, we are seeing greater insistence on the use of computer
virus exclusions and an unbelievably broad computer data exclusion by property
insurers. We believe that any policyholder who is not absolutely certain that
it will be able to avoid such exclusions on its next property renewal needs
to prepare itself now to be able to
buy a first-party e-commerce insurance policy on the renewal date of its property
program. Otherwise the policyholder might get "blindsided" at the renewal of
its property program and have to bear uninsured computer virus risk (or worse,
computer data risk) until it can scramble quickly enough to put together a first-party
e-commerce insurance program (which we are seeing is no simple or quick task).
1This article was written by Catherine
Rivard and edited by Michael Rossi.
Catherine
Rivard is Senior Risk Management Counsel at Insurance Law Group,
Inc., a law firm providing legal services to middle-market and multinational
corporate risk managers. She advises on initial placements and renewals (including
e-commerce issues), manuscripts insurance policies, and handles disputed claims
outside of litigation. She previously was a partner of Troop Steuber Pasich
Reddick & Tobey, LLP. Ms. Rivard has represented policyholders in insurance
matters since the mid-1980s. She developed the first arguments for "personal
injury" coverage in asbestos-in-building and environmental claims. More recently,
she wrote briefs in Alpha Therapeutic Corp. v Home Insurance
Co., 90 Cal App 4th 1330 (2001) (single-occurrence multi-injury claim
not limited to single policy year's limits).
Ms. Rivard is a member of the State Bar of California and
the American and International Bar Associations. She earned her JD degree in
1986 from Northwestern University and her AB degree in political science, cum
laude, in 1982 from Occidental College. Ms. Rivard can be reached by e-mail
at crivard@inslawgroup.com.
Opinions expressed in Expert Commentary articles are those of the author and are
not necessarily held by the author’s employer or IRMI. This article does not purport
to provide legal, accounting, or other professional advice or opinion. If such advice
is needed, consult with your attorney, accountant, or other qualified adviser.