Software Developers Should Have E&O Policies to Cover Product Defect Claims
A recent lawsuit filed against Redmond, Wash.-based Microsoft Corp. should alert software developers to potential product defect loss exposures.
In that case, filed in Los Angeles Superior Court early last month, a California plaintiff whose Social Security number and identity were stolen, allegedly due to a flaw in Windows software, is suing Microsoft for manufacturing an allegedly defective product. Her attorney is attempting to make the case into a class action.
Lawsuits against software developers claiming that they failed to build adequate security safeguards into their products may be barred by disclaimers absolving the developers from liability for security breaches, according to attorneys in the technology field. But even if the cases dont result in damages, software developers may need defense cost coverage to get the cases dismissed or avoid having them certified as class actions.
"Firms that design software would look to their errors and omissions policies for coverage of claims alleging a product defect," noted Peter Taffae, managing director and president of Los Angeles, Calif.-based e-perils.com. As respects claims such as the one made against Microsoft, Mr. Taffae said that "this is a troubling development [for insurers], as E&O policies were not intended to cover security breaches."
Mr. Taffae pointed out that since software developers E&O policies are usually written on an "all-risks" basis, if security-related claims are not specifically excluded they would be covered, regardless of the insurers intent.
E&O policies are the most likely source of coverage for software defect allegations because standard commercial general liability and monoline products liability policies often exclude product claims that dont allege bodily injury or property damage, insurance experts noted.
Aaron Latto, e-commerce underwriting director for the St. Paul Companies technology underwriting division, agreed that coverage for claims related to software defects would be found in E&O policies.
"CGL policies that include products coverage, as well as monoline products liability policies, require a bodily injury or property damage in order to trigger coverage," Mr. Latto pointed out. "Software claims usually involve only financial loss, which those policies ordinarily dont cover," he said.
Mr. Latto added that if there was some sort of physical manifestation to the claimantsuch as severe stress from the financial impact of having ones identity stolenan E&O policy might provide coverage, depending on the policy form and insurer. He also noted that a CGL or products policy might be triggered by a physical manifestation, because that could constitute bodily injury.
Toby Levy, technology industry practice manager for The Hartford Financial Services Group Inc. in Hartford, Conn., said that an E&O policy can be endorsed to include "contingent" bodily injury and property damage. "Such coverage would ordinarily not be in a standard [unendorsed] E&O form," he added.
Whether software defect claims will meet with any success at all in the courts is far from certain.
"Under current law, plaintiffs face an uphill battle to prove a products liability case against a software maker, assuming the software was distributed with a disclaimer," said technology attorney Jeffrey D. Neuburger, a partner with the New York law firm Brown Raysman Millstein Felder & Steiner LLP.
Joshua Gold, an attorney and shareholder with Anderson Kill & Olick, P.C. in New York, noted that disclaimers are "the bane of the courts" and judges are often not keen on enforcing them. "Courts look good and hard at such disclaimers and decide on a case-by-case basis whether they are enforceable."
"It is hard to tell at this point whether these types of lawsuits will succeed," Mr. Gold said. "With a cutting-edge technology, even if its not foolproof, the software firm could argue that it is the best product out there on the market right now."
Mr. Neuburger indicated that individuals who "click through" Web-site disclaimers without reading what they say would probably nevertheless be bound by them because they are clicking that they "agree with" or "accept" the disclaimers.
"Businesses often negotiate the disclaimers as part of their written contract with the software vendors, so they would be even more likely to be considered bound by them," Mr. Neuburger pointed out. "But one can never be certain what a court will decide," he cautioned.
If a software firm seeks coverage under a CGL or products policy, another hurdle would be whether theft of or damage to computer data is considered "tangible" property damage, both attorneys noted. They pointed out that these policies usually exclude damage to "nontangible" property.
"There are cases on both sides of the fence on whether electronic data is tangible property," Mr. Gold said. "Courts have not been consistent on that issue."
"Allegations in the complaint stating that data was stolen might amount to an invasion of privacy claim, which could be covered under a CGL policys personal and advertising injury section," added Mr. Gold.
Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, October 31, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.