Photo of Patrick Loi

Patrick represents policyholders in complex insurance recovery disputes. He has advised clients on coverage for a wide range of claims and losses, including “phishing” losses; securities class actions and investigations; and product liability and Telephone Consumer Protection Act claims.

With news of massive data breaches making headlines in recent years, the handling of personal data has become a focus for legislators and regulators around the world.  Compliance with data privacy regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) promises to be one of the major challenges for businesses going forward as violations of these regulations present the risk of substantial fines or penalties.

In order to manage that potential liability, businesses have looked to cyber insurance. However, even when cyber insurance policies expressly state that they cover fines and penalties, whether or not they actually do so depends on whether fines and penalties are ‘insurable’ under the law that governs that coverage. Some jurisdictions prohibit insurance for fines and penalties as against public policy, and if the law of such a jurisdiction is deemed to govern, then even a policy that expressly promises to provide coverage may not protect the insured.
Continue Reading Maximizing Your Insurance Coverage for Data Privacy Liability

Discussions with an insured’s insurance broker are often an important part of the negotiation process for insurance claims. Brokers can provide valuable insights on the drafting and underwriting of the insurance policy as well as the attitudes of insurers on particular issues.  But are communications between a client, coverage counsel, and the client’s insurance broker privileged? A previous post addressed California decisions finding that disclosure of privileged information to an insurance broker did not waive privilege because those disclosures were reasonably necessary to provide information to the insurers. In New York, whether such disclosure constitutes a waiver is a fact-specific inquiry.
Continue Reading Are Communications With Your Insurance Broker Privileged Under New York Law?

Companies of all sizes have fallen victim to attacks whereby fraudsters will use deceptive communications, such as spoofed emails, to trick an employee into transferring money into the fraudsters’ control. While these increasingly prevalent schemes are an ever-present risk for businesses, the body of case law finding these losses covered under crime insurance policies continues to develop. In a previous post, we discussed decisions from the Second Circuit and Sixth Circuit that have found coverage under crime policies for phishing-related losses. Now, with its decision in Principle Sols. Grp., LLC v. Ironshore Indem., Inc., 944 F.3d 886 (11th Cir. 2019), the Eleventh Circuit has held that such losses are covered by policies insuring against fraudulent instructions.
Continue Reading Another Federal Circuit Finds Phishing Loss Covered Under Crime Policy

It is an all-too-common dilemma. As phishing schemes have become more prevalent and more sophisticated, businesses of all sizes have fallen victim to these attacks where a fraudster will use a spoofed email or other deceptive communication to trick an employee into transferring money into the fraudster’s control. While this is a difficult scenario for anyone to face, two decisions from federal circuit courts have offered policyholders some relief by finding coverage for these losses under policies insuring against Computer Fraud. In doing so, these opinions rejected insurers’ arguments that the theft accomplished through these fraudulent emails did not qualify as Computer Fraud or were not losses that were directly caused by Computer Fraud.
Continue Reading Are Losses Resulting from Phishing Incidents Covered by Crime Policies Insuring Against Computer Fraud?