No Coverage for Alleged Violation of the Video Privacy Protection Act

A recent unpublished decision from the Western District of Washington provides yet another example of a court endorsing limits on general commercial insurer responsibility in the area of consumer privacy violations.

In Nat’l Union Fire Ins. Co. of Pittsburgh, PA v. Coinstar, Inc., 2014 U.S. Dist. LEXIS 31441 (W.D. Wash. Feb. 28, 2014), the court concluded that insurance coverage may be excluded for lawsuits alleging the insured violated a statute, regulation or ordinance related to “sending, transmitting or communicating” any material or information, including consumers’ personally identifiable information. In this case, the insurer was not obligated to defend or indemnify its insured in an underlying lawsuit alleging that the insured violated the federal Video Privacy Protection Act (“VPPA”).

National Union insured Coinstar under two commercial general liability policies through which Coinstar’s subsidiary, Redbox, was also an insured. Redbox is a well-known operator of DVD-vending machines throughout the United States. To use Redbox’s vending machines, consumers provide personally identifiable information and pay for rentals with a credit card. Redbox was sued in Sterk v. Redbox Automated Retail, LLC, Case No. C11-1729 (N.D. Ill. 2011), alleging Redbox used consumers’ personally identifiable information for marketing purposes, and improperly disclosed their information to third parties without the consumers’ express permission, in violation of the VPPA.

The National Union policies contained an exclusion: “Exclusion – Violation of Statutes in Connection with Sending, Transmitting, or Communicating Any Material or Information,” barring coverage for a claim “arising out of or resulting from, caused directly or indirectly…by any act that violates any statute…that addresses or applies to the sending, transmitting or communicating of any material or information, by any means whatsoever.”

The trial court ruled that the insurer’s exclusion clearly barred coverage for the Sterk lawsuit.  The Court noted that “[t]he sole purpose of the VPPA is to protect consumers’ privacy by prohibiting the ‘sending, transmitting or communicating’ of their personal information ‘to any person’ except in specific, limited circumstances.”  In the Court’s view, this matched up to the plain language of the insurance policy exclusion barring any injury that arises from any act that violates any statute that applies to the sending, transmitting, or communicating of any material or information.

An insurer’s obligation to defend an insured is based only on allegations against an insured in an underlying suit and is broader than an insurer’s obligation to pay for judgments. Because the Sterk lawsuit alleged that Redbox’s actions violated the VPPA—and thus only alleged actions that were barred by the policy—National Union never had an obligation to defend Redbox in the Sterk lawsuit, even if those allegations were later established to be false.

While unpublished, this decision may be persuasive to other courts addressing insurance policies containing substantially similar exclusions. Such exclusions fist became widely adopted by insurers in response to Telephone Consumer Protection Act class actions, commonly known as “fax blast” litigation, and lawsuits alleging violations of the CAN-SPAM Act of 2003. Such exclusions have since evolved and become more broadly applicable.

About The Author

Meredith E. Dishaw joined the Seattle office in 2010 as an associate in the Global Insurance Group. Meredith counsels primary, umbrella, and excess insurance companies in all stages of complex coverage and bad faith matters, and litigates for those clients in the state and federal courts.

Posted in Video Privacy Protection Act

Leave a Reply

Your email address will not be published. Required fields are marked *


About Cyber Law Monitor
In the new digital world, individuals and businesses are almost entirely dependent on computer technology and electronic communications to function on a daily basis. Although the power of modern technology is a source of opportunity and inspiration—it also poses huge challenges, from protecting privacy and securing proprietary data to adhering to fast-changing statutory and regulatory requirements. The Cyber Law Monitor blog covers privacy, data security, technology, and cyber space. It tracks major legal and policy developments and provides analysis of current events.
Receive Email Updates


Cozen O’Connor Blogs