I was reading the Privacy & Cybersecurity Update – November 2017 from Skadden, Arps, Slate, Meagher & Flom LLP, and thought my readers might be interested in some of the news they covered for the month.
District Court Holds That Insurer’s Written Privacy Pledge to Insured is Unenforceable in Data Breach Row
In a victory for insurers, a federal court recently determined that a privacy pledge included with an insurance policy is not considered part of the policy and therefore was not enforceable against the insurer in a data breach dispute with its insured stemming from the insurer’s alleged failure to adequately safeguard the insured’s personal information.
On November 8, 2017, the U.S. District Court for the Northern District of Illinois granted summary judgment in favor of Combined Insurance Company of America (Combined), the health insurer of department store chain Dillard’s, in a data breach dispute with a Dillard’s employee. The court concluded that a privacy pledge included with the employee’s insurance policy did not form part of the contract and therefore was not enforceable against Combined.6
Read more on Skadden.