Notes on DRI's Upcoming Data Breach & Privacy Law Conference

It’s not possible to ignore data breach and cyber security issues anymore, even if you want to and even if, as a lawyer, you think it is outside your practice area and instead the responsibility of some other group of lawyers in your firm. I have written before on this blog about the significant importance of these issues to benefit plans and their vendors, as they control more personal financial and identifying data than almost any other entities operating in the United States economy. At this point, you cannot even open up the Wall Street Journal without coming across news of a major data breach or related legislative or industry activity. A couple of years ago I spoke nationally to a major financial and insurance company on the risks and the nature of insurance coverage for them, including under cyber policies (you can find my slides here), and things have simply ratcheted up exponentially since then.

Colleagues of mine at the DRI are hosting DRI's inaugural Data Breach & Privacy Law conference in Chicago on Sept. 11-12, 2014. The conference will cover everything from the Anatomy of a Cyber Attack to the Theories of Civil Liability for a Data Security Breach to the Insurance Coverage Issues Implicated in Data Breach Claims. You can find the brochure and registration materials here.

Of interest to me is the focus on insurance coverage issues, which was also the focus of my earlier talk on the issue of data breaches. It’s interesting to me because, as some of you may know from previous posts and articles or from hearing me speak, my view of insurance coverage law is animated by my more than quarter century experience working with it, going back to the tail end (that’s an insurance coverage pun, get it?) of the asbestos coverage wars and the start up of the environmental coverage wars. When you look back over the history of the field, coverage lawyers – especially on the policyholder side - were able to build huge practices in the ‘80s and ‘90s on the back of those types of big ticket exposures, and many have spent the decades since looking for the next big ticket coverage disputes that could sustain such practices, generally without finding anything comparable. Do you remember Y2K? Policyholder-side coverage lawyers were bulking up – at least in their marketing – in anticipation of a big boom in losses and related coverage disputes, but that boom went bust almost as soon as the calendar flipped. Some, incidentally, who had a long enough history in the industry anticipated that, as I can remember Jerry Oshinksy, who built one of the largest policyholder side practices of the asbestos/environmental coverage era, commenting in 1999 that Y2K would not generate the work driven by that earlier era. Data breach, though, may finally be that new area of liability that generates large amounts of coverage work that coverage lawyers have been waiting for since the Wellington Agreement came into being, the California Coordinated Asbestos Coverage trial ended, and Superfund prosecution wound down, given the scale of the breaches we now see on a regular basis.