In Carolina Casualty Insurance Co. v. Red Coats, Inc. d/b/a Admiral Security Services, Inc., the U.S. District Court for the Northern District of Florida ruled that the cost to provide free credit protection services to individuals whose confidential medical information was contained on stolen laptop computers did not constitute “property damage” under two commercial general liability insurance policies.

The insured (Red Coats, Inc.), a full-service contract management company that provides security, janitorial and alarm services, entered into a contract with AvMed, Inc., a provider of health coverage plans to members and subscribers throughout Florida, to provide security services at AvMed’s Gainesville, Florida, facility. Shortly thereafter, two of AvMed’s laptop computers were stolen from its Gainesville facility. As HIPAA-protected information was contained on at least one of the stolen laptops, AvMed notified the affected subscribers/members and provided each of them with two years of free credit protection services.

AvMed thereafter filed suit against Red Coats, alleging that one of Red Coats’ security guards committed the subject theft (alleging claims against Red Coats for breach of contract, fraud, negligent hiring, retention and supervision, and vicarious liability). Red Coats then made claims against each of its five insurers (including two commercial general liability carriers, an employment practices liability carrier, and two crime carriers), all of which denied coverage. After Red Coats and AvMed settled their dispute, Red Coats’ employment practices liability carrier filed a declaratory judgment action, seeking a decree of no coverage. In response, Red Coats counterclaimed against each of its insurers. The parties filed cross-motions for summary judgment, which were decided by the court on April 22, 2014 (the crime carriers resolved prior to the disposition of summary judgment).

The commercial general liability policies defined “property damage,” in pertinent part, as “loss of use of tangible property that is not physically injured.” Notably, those policies specifically excluded from the definition of tangible property “electronic data,” defined as “information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMS, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment.”

The U.S. District Court for the Northern District of Florida ruled that, with regard to Red Coats’ commercial general liability policies, “the loss of use of the laptops was not the problem – AvMed has a lot of other laptops – the problem was that others could access the HIPAA data. At best, the only coverage would be [the] cost of getting new laptops; there would be no coverage for the HIPAA information and any other data or programs on them, since they would represent electronic data, which is expressly excluded from coverage. Simply put, this is not property damage in any ‘man on the street’ definition of the term. . . . [I]t is an economic loss claim which is not covered by the [commercial general liability policies].” The court also rejected Red Coats’ argument that coverage existed under its employment practices liability policy.

Red Coats has appealed the Northern District’s decision to the Eleventh U.S. Circuit Court of Appeals (with briefing to be completed by November 14, 2014).