The Standard of Proof in Connecticut for Civil Theft

Posted on June 21, 2010 by N. Kane Bennett

In Stuart v. Stuart, to be officially released on June 22, 2010, the Connecticut Supreme Court clarified the standard of proof for civil theft cases in Connecticut (download decision here).  Prior to this ruling, there was some confusion amongst attorneys and trial courts as to the appropriate standard of proof for a civil theft claim under Connecticut General Statutes section 52-564.  

Connecticut's civil theft statute states, in pertinent part:

Treble damages for theft. Any person who steals any property of another, or knowingly receives and conceals stolen property, shall pay the owner treble his damages.
 

To successfully allege civil theft, an attorney must plead and prove the elements of larceny under Connecticut General Statutes section 53a-119.  The key element that must be established is the taking or withholding of property with the intent  to deprive another person of the property.  Some examples of successful use of Connecticut's civil theft statute:

  • Overdrawing on bank accounts
  • Theft of business or corporate property
  • Accepting insurance premium payments in excess of required amounts
  • Defrauding another of bank funds
  • Refusal to return deposit on purchase and sale agreement
  • Wrongful seizure of personal or business property
  • Stealing utilities
  • Depleting business accounts
  • Diverting account receivables

The takeaway from the Stuart case is that the cause of action for civil theft remains the same.  However, the Connecticut Supreme Court has clarified that an attorney only needs to establish proof of civil theft by a preponderance of the evidence.

Tags: , , , , ,

Will Your Data Loss Be Covered By Insurance?

Posted on June 14, 2010 by N. Kane Bennett

I always recommend that businesses implement a plan for data loss, security breach, and privacy related to electronically stored information.   As additional protection, I also typically recommend that businesses investigate additional insurance coverage.  In particular, business owners with risk should investigate insurance coverage for first and third party claims arising out of a loss of data, security breach, or technology errors.  These insurance plans are sometimes referred to as cyber liability or technology errors insurance.  I have posted about these insurance plans in the past.

By obtaining the proper data loss insurance coverage, a business should be able to make an insurance claim for its own losses and, at the same time, have protection from lawsuits following a data loss incident.  However, after reading a recent article by  Jaikumar Vijayan from Computerworld.com,  I suppose the critical words here are "should" and "proper" as it relates to insurance coverage for a data loss incident.    

Jaikumar wrote an article about a Colorado insurance company that filed a lawsuit to deny responsibility for the University of Utah's 2008 security breach and data loss totaling $3.3 million in costs.  Colorado Casualty Insurance filed a declaratory judgment lawsuit in the United States District Court of Utah  (Download complaint here). 

The University of Utah utilized a third party vendor, Perpetual Storage, Inc.,  for data storage concerning data on 1.7 million patients over 16 years at university hospitals and clinics.   According to the lawsuit, the University of Utah incurred 3.3 million in costs to remedy the security breach and made a claim for reimbursement to Perpetual Storage.  In turn, Perpetual Storage referred the matter to Colorado Casualty, its liability insurer. 

In response to Perpetual Storage's claim, Colorado Casualty filed the lawsuit seeking a ruling that it did not have to provide Perpetual Storage with a defense to any claims brought by the University or reimburse the University for its damages. Perpetual Storage filed a motion to dismiss the complaint claiming that Colorado Casualty did not plead specific facts or mention particular insurance policy provisions.  At this point, the outcome of the lawsuit is not clear.

The takeaway here for Connecticut business owners is that not every insurance plan will provide the proper coverage for a data loss, security breach, or technology errors.  Whether Perpetual Storage had the "proper" coverage in place is not clear as the specific policies were not referenced in the lawsuit or the motion to dismiss.  Nevertheless, the lawsuit serves as a reminder that business owners need to make sure the proper insurance coverages are in place.  Do not assume that a general commercial liability policy will cover the specific risks of data loss, security breach, or technology errors.  In fact, in most instances, a general commercial liability policy will not cover such risks. 

Tags: , , , , ,

Wondering Where The Line Is On Internet Privacy - - Just Watch Facebook

Posted on June 3, 2010 by N. Kane Bennett

My firm receives many calls from new or existing businesses with Internet privacy questions.  Many calls come from e-commerce businesses, start ups, or businesses that want to utilize information gathered from users accessing their Web sites. Some business owners have ideas or concepts that test the limit on use of user profiles, preferences, and content.  The question becomes, just what are the limits for user expectations on privacy?

Take Facebook for example.  Facebook has a reported 400 million users.  Facebook is constantly in the headlines over its privacy policies and security settings related to its user's profile information.  Whether it is a class action lawsuit in California  or the recent $10 million settlement for its Beacon program, you can count on Facebook to have dealt with any number of privacy issues in litigation.  

Recently, another lawsuit has been filed over Facebook's "opt out" setting concerning the instant personalization feature.  Wendy Davis on  Online Media Daily reported on the story.  This feature automatically shares user information with three outside companies, Microsoft Docs, Pandora, and Yelp.  The lawsuit was filed in U.S. District Court in Rhode Island for violation of the Stored Communications Act (Download here).  By my count, Facebook has been sued at least 30 times in Federal court in recent years.

In the Internet privacy area, Facebook tests the outer limits of what is acceptable for privacy rights and user expectations.  When Facebook makes a change or tries something new, everyone pays attention.  As a result, Facebook's privacy policies get vetted by 400 million users, numerous industry and trade groups, leading technology blogs like TechCrunch, and even the federal government. 

If you want to know what crosses the line when it comes to privacy on the Internet,  just watch Facebook.   

Tags: , , , , , , , ,