Insurance Coverage for Potential Liability Arising from Internet Privacy Issues

Article excerpt

I. INTRODUCTION

In the business world, the growing dependence of companies on the use of the Internet to gather and transmit client and customer data presents companies with new issues regarding privacy of this data. Companies that solicit personal information from clients and customers should have a duty to keep such information confidential. This Note is forward-looking to a time when there will be legislation allowing individuals to hold companies accountable for the disclosure of an individual's confidential information. In the future, questions will emerge regarding a company's right to insure itself against such liabilities, and if allowed, the kinds of insurance policies that will be appropriate to provide indemnification for losses.

Part II of this Note serves as a background and describes the increased use of the Internet. It summarizes potential and existing grounds for liability related to privacy issues. Part II also includes a summary of currently available insurance policies that may cover liability for disclosure of confidential information over the Internet. Part III presents information regarding the passage of the Comprehensive Environmental Response, Compensation, and Liability Act of 1980(1) to provide an example of the difficulties faced by insurers and policyholders when Congress passes regulatory legislation. The Note ends with suggestions that the insurance industry and the insured may follow to avoid the difficulties they may encounter dealing with legislation regarding liability for disclosure of confidential information over the Internet.

II. BACKGROUND

A. The Increase in Internet Use

The Internet has become an indispensable tool for data retrieval, communication, and business transactions. Companies increasingly look to the Internet to attract potential clients and customers and to stay in contact with current clients and customers. But with the ease in collecting and processing information on the Internet2 and the "depth and richness of the data that's available,"3 there exists the danger that Internet business transactions can render a party's "information susceptible to interception, misappropriation, or other loss."4 The Internet exposes companies to the danger that third parties may access private, confidential client data, resulting in potential liability to the companies.

The privacy and security concerns generated by the Internet increase the importance of a company's privacy policy.5 Until recently, data collection practices "had few limits because regulation of consumers' privacy-whether online or offline had met with considerable industry resistance."6 However, it is safe to assume that with an increase in online communication of sensitive and confidential information, there will be an increase in the number of complaints about invasions of privacy.7 Legislatures, attorneys, and courts "should anticipate a rise in litigation as Americans become more cognizant of the use and potential misuse of their personal data."8 Recognizing the necessary concern for the safety of the information obtained by companies regarding their clients,9 companies that conduct business over the Internet are creating their own privacy policies and even hiring special privacy officers to oversee compliance.10 Many law firms are establishing separate privacy practice groups11 and providing sample Internet privacy policies for companies to follow.12

B. Liability Claims for Invasion of Privacy

The United States Constitution does not contain a provision granting a general right to privacy.13 In the United States, "consumers have no right to control the dissemination of their personal information to others."14 Further, individual computer users generally lose a reasonable expectation of privacy when they reveal personal information to a third party.15 Though computer users may have potential federal causes of action, the protection of a person's privacy is left largely to the states. …