Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Rachel Raphael

Rachel Raphael

Rachel Raphael is an associate at Crowell & Moring, where she is a member of the firm’s Insurance/Reinsurance Group. Her practice involves litigation, arbitration, and counseling on a wide variety of insurance/reinsurance issues and includes pre-dispute advice as well as insurer/reinsurer representation in complex disputes.  Rachel received her J.D. from Harvard Law School in 2013. Prior to law school, Rachel worked as a financial analyst in the restructuring group of Houlihan Lokey, a global investment bank.

 

Read Rachel's bio on Crowell & Moring's website

Subscribe to all posts by Rachel Raphael

Missouri District Court Relieves Insurer of Duty to Defend TCPA Suit

Posted in Insurance, Privacy
On December 15, 2016, in The Travelers Indemnity Co. of Connecticut v. Max Margulis, et al., the U.S.  District Court for the Eastern District of Missouri ruled that an insurer did not have a duty to defend its policyholder in a suit alleging a violation of the Telephone Consumer Protection Act (“TCPA”). Margulis is one… Continue Reading

Alabama District Court Relieves Carrier of a Duty to Defend or Indemnify Policyholder Following Data Breach

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On October 25, in the case of Camp’s Grocery, Inc. v. State Farm Fire & Casualty Company, the District Court for the Northern District of Alabama granted summary judgment in favor of State Farm Fire and Casualty Company (“State Farm”), concluding that State Farm did not have to defend or indemnify its policyholder, Camp’s Grocery… Continue Reading

Internet of Things Raises Complex Insurance Coverage Issues

Posted in Cybersecurity / Data Security, Data Breach, Insurance
In a recent Law360 publication, C&M attorneys Rachel Raphael and Ellen Farrell discuss how the Internet of Things (IOT) can present complex insurance coverage issues.  As they explain, the tangible and intangible nature of IOT products can cause particular confusion between traditional general liability policies (which may exclude coverage for cyber incidents) and stand-alone cyber… Continue Reading

Arizona District Court Determines Scope of Coverage Provided by Cyberinsurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance
On May 26, 2016, in the case of P.F. Chang’s v. Federal Insurance Co., the U.S. District Court for the District of Arizona held that a stand-alone cyber insurance policy did not cover fees assessed by a third party credit card processing company against P.F. Chang’s following a June 2014 data breach.  This decision is… Continue Reading

Fourth Circuit Affirms Carrier’s Duty to Defend Against Security Breach Claims Under Traditional Insurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
Following an April 11 ruling by the Fourth Circuit in Travelers Indemnity Company of America v. Portal Healthcare Solutions, LLC, Travelers must defend its policyholder, Portal Healthcare, in a class action lawsuit concerning a security breach.  For years, courts have wrestled with whether traditional commercial general liability (CGL) policies provide coverage in event of a… Continue Reading

NAIC Announces Insurance Data Security Model Law

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On March 2, 2016, the National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force proposed a new model law intended to “establish the exclusive standards for data security and investigation and notification of a breach of data security” in the insurance industry. The model law requires licensed insurers and producers to: Develop, implement and maintain… Continue Reading

NAIC Cyber Task Force Adopts Cyber Bill of Rights

Posted in Cybersecurity / Data Security, Data Breach, Insurance
On October 14, the National Association of Insurance Commissioners (NAIC) announced its cybersecurity “bill of rights” which outlines six rights of insurance consumers.   Generally speaking, the bill of rights is divided into three broad categories: (1) standard consumer information, (2) insurer safeguards and actions and (3) post-breach and identity theft protections.  Although most states have… Continue Reading

Is There Cyber Coverage Under D&O Insurance Policies?

Posted in Cybersecurity / Data Security, Data Breach, Insurance
In a recent Law360 publication, C&M attorneys Rachel Raphael and Ellen Farrell discuss how directors and officers (D&O) insurance coverage applies when a company experiences a data breach.  As they explain, D&O policies may provide some coverage when a company’s directors and officers are sued after a cyber incident, but there are often policy exclusions… Continue Reading

Eleventh Circuit Holding Highlights Importance of Choice of Law on Insurance Coverage for Cyber Incidents

Posted in Cybersecurity / Data Security, Data Breach, Insurance
On August 17, in the case of Carolina Casualty Insurance Company, et al v. Red Coats Inc., the Eleventh Circuit reinstated a suit brought by Admiral Security Services against two of its insurers, Continental Casualty and National Union, in the district court for the Northern District of Florida.  Admiral was seeking coverage under commercial general… Continue Reading

California District Court Dismisses Suit, Without Prejudice, Over Stand-Alone Cyberinsurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance
In follow up to our previous post, on Friday, July 17, the U.S. District Court for the Central District of California dismissed a lawsuit initiated by Columbia Casualty Company (“Columbia”) against Cottage Health System (“Cottage”) related to a data breach that released about 32,500 patient healthcare records that were stored electronically on Cottage’s network servers.… Continue Reading

California District Court Called Upon to Determine Scope of Coverage Provided by Stand-Alone Cyberinsurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance
The ever-increasing frequency of cyber incidents has caused companies to recognize the need for cyberinsurance policies in addition to more traditional types of coverage.  A recent case, Columbia Casualty Company v. Cottage Health System, No. 2:15-cv-03432, suggests that even coverage under these stand-alone cyberinsurance policies may have limits. Earlier this month, Columbia Casualty Company (“Columbia”)… Continue Reading