1. Primary Insurers Can Sue One Another for Bad Faith

Seneca Ins. Co. v. Blackboard Specialty Ins., 2024 WL 4212288 (Cal. Super. Sep. 09, 2024)

Takeaway: A settling primary insurer may sue a non-settling primary insurer for bad faith if it

can allege a complete risk transfer (subrogation) as opposed to a risk sharing (contribution).

Judge Kevin C. Brazile of the Los Angeles Superior Court ruled in favor of TittmannWeix’s client,

Seneca Insurance, finding it could sue a non-settling primary insurer, Blackboard Specialty, for

bad faith and attorney’s fees. Traditionally, bad faith claims are exclusive to policyholders or

excess insurers standing in the shoes of the policyholders. This matter is unique because Seneca

and Blackboard are both primary insurers, and Blackboard argued that the proper cause of action

was contribution rather than bad faith. However, Seneca argued that it could assert an equitable

subrogation theory by alleging a complete transfer of risk (rather than a simple sharing), thus

supporting the claim for bad faith and attorney’s fees. Judge Brazile reasoned that, even though

they were both primary carriers, Seneca properly pled that their different times on risk and

application of certain policy defenses potentially allowed a complete transfer of exposure

(subrogation) rather than a mere sharing (contribution).

Moreover, because subrogation allows an insurer to “step into the shoes” of its insured, Seneca

could pursue a bad faith claim against Blackboard and potentially recover its attorney fees. The

ruling is citable and clarifies California law around equitable subrogation and bad faith as

between primary insurers who share risk at the same layer but different time periods.

2. Media Policy Does Not Cover BIPA Class AcDon

Tony Finer Foods v. Certain Underwriters, 2024 IL App (1st) 231712, __ N.E.3d __ (Sep. 10, 2024)

Takeaway: Employer’s alleged violation of employees’ BIPA rights does not qualify as a “data

breach” or “security failure” because the employer authorized the actions; no duty to defend.

In a 2-1 split decision, the Illinois Court of Appeal ruled that alleged violations of the Biometric

Information Privacy Act (BIPA) were not “data breach” or “security failure” covered by Cyber,

Data Risk, and Media Insurance policies. An exclusion for loss arising out of any collection of

information by employer barred coverage.

1 Serving up your favorite coverage li2ga2on updates from the bar, best enjoyed with coffee or tea.

The court found the allegations of the underlying BIPA lawsuit did not even potentially fall within

the policy’s coverage. The policy provides coverage for losses resulting from a data breach or

security failure. These definitions do not include alleged violations via the insured’s own

collection or dissemination of biometric data. A data breach requires access to employee data

that is unauthorized by the insured. The BIPA lawsuit did not allege that anyone obtained

employees’ biometric data without authorization. On the contrary, it alleges that the insured

(and its authorized agents) collected and disseminated the biometric data.

The court also clarified that Illinois’ estoppel doctrine, often compelling carriers to file suit for

declaratory relief, only applies if the carrier breaches. In other words, if there is no coverage,

there is no duty to file a declaratory action. “[E]stoppel applies only when an insurer breached

its duty to defend, so a court must first determine whether the insurer has a duty to defend.”

3. The Phrase “Your Computers” Includes Third Party Computers

Storing the Insured’s Data

Watchword Worldwide v. Erie Ins., 308 A.3d 294 (Pa. Super. 2024), appeal denied Oct. 10, 2024

Takeaway: Court deferred to insured’s reasonable interpretation of “Your Computers,” in a

commercial property policy, to include a third-party platform hosting its electronic data.

The Pennsylvania Supreme Court denied review and therefore let stand the appellate court’s

ruling on an issue of first impression: extending the meaning of the phrase “your computers” in

a commercial property policy to include third-party computers holding the insured’s data.

The policy limited coverage to electronic data that “resides in your computers.” The insured’s

data, which included its application programming interface software and video content, was

hosted on a server owned by GoDaddy and licensed by the insured.

Finding both parties’ interpretations of the term “your computers” reasonable, the court

deferred to the insured’s interpretation favoring coverage. The insured interpreted it to include

computers that the insured “used under license or lease, given the common understanding of

‘your’ as sometimes including items the person in question does not own but has a right to use

and uses.” Thus, the phrase was not limited, as the carrier argued, to “the insured's own

computers.”

Note: despite the finding in favor of coverage, the court ruled in favor of the insurer on the

amount of damages, finding it below the deductible because the insured could have fixed the

loss early in the claim.

‍