© 2003, Deeth Williams Wall LLP. All Rights Reserved. By: Colin Adams, Student at Law (December 4, 2003)

Introduction

Is computer data a form of "tangible" or "intangible" property? Of course, the starting point for this question is always the policy itself. When the answer cannot be found in the policy, courts have reached differing conclusions. In the absence of a definitive answer, this area of insurance law should raise a red flag for businesses. Depending on the nature and specific wording of the policy, computer data may not qualify as a form of "property damage" under a standard commercial insurance policy, leaving the business to absorb a potentially heavy economic loss.

Policies

Businesses face many first and third party risks. First party risks are damages that occur internally. These could include such things as the loss of data, access to data, computer functionality, or the costs associated with investigating and fixing damage caused by virus, spam, or hacker attacks. Third party risks involve damage to a third party that are caused by the policyholder. These could include intellectual property infringement, the unintentional transmission of a virus, or defamatory messages posted on a website, to name only a few examples. A business can purchase insurance to protect itself against these risks. However, in each case, the specific wording of the policy must be construed to determine if the damage will be covered.

Typically, while some businesses may carry additional and more specialized forms of insurance coverage, most companies that do not self-insure will at least carry an all-risk or commercial general liability (CGL) policy. A core component of these policies is the protection against "property damage". More often than not, the definition of "property damage" is qualified by the terms "physical property" or "tangible property". Simple enough, but the question of the tangibility of computer data has bedeviled courts, resulting in conflicting decisions. In the midst of this judicial indecision, businesses would be well advised to review their existing policies to determine the exact nature of the coverage.

The Decisions

  1. Computer Data As Tangible Property
    The strongest support for the tangibility of computer data is provided in the U.S. case of Retail Systems Inc. v. CNA Insurance Cos.. 1 In this case, the insured lost a computer tape which was given to it for processing. In granting coverage to the insured, the Minnesota Court of Appeals relied on the integration of data with the physical properties of the computer tape. In the words of the court:
    "Other considerations also support the conclusion that the computer tape and data are tangible property under this policy. The data on the tape was of permanent value and was integrated completely with the physical property of the tape. Like a motion picture, where the information and celluloid medium are integrated, so too were the tape and data integrated at the moment the tape was lost." 2
    The court offers a strong, broad argument to support the contention that computer data is tangible property by virtue of its marriage with the computer readable substrate. It is not a leap to see how the same argument for tangibility could be equally applied when computer data is stored on other computer readable media such as hard drives, CDs, DVDs, or ZIP disks.

    Two other cases appear to support the contention that computer data can be tangible property. In American Guaranty and Liability Insurance Co. v. Ingram Micro, Inc., the Arizona District Court was faced with the question of whether a power outage, which resulted in lost computer data necessary for network functions, qualified as "physical damage" under an all-risk policy. 3 The policy covered computers and all risks of direct physical loss or damage from any cause. The court ruled that physical damage was not restricted to the physical destruction or harm of computer circuitry but included loss of access, loss of use, and loss of functionality. Accordingly, the court found that the loss of the custom network configurations which ran the network constituted physical damage under the policy.

    Outside the U.S., the Australian case of Switzerland Insurance Australia Ltd. v. Dundean Distributors Pty. Ltd. considered the question of whether a power fluctuation that led to the corruption and loss of computer data constituted "damage" to the insured's electronic accounting equipment under the policy. 4 Under the insurance policy, "damage" was not qualified by the terms "physical property" or "tangible property". Rather, physicality seemed to be implied as the policy covered damage to "electronic equipment". Although the court rejected coverage for the lost accounting data stored on the hard drive, it did rule that the operating system and accounting software were covered by the policy. In the opinion of the court, the policy was meant to cover more than simply hardware. The hardware and software shared a symbiotic relationship. Together, the hardware and software were inseparable pieces comprising the accounting system and coverage was granted.

    However, the decisions in Retail Systems, American Guaranty, and Switzerland Insurance, should all be viewed with a measure of caution. A year after Retail Systems was decided, the Minnesota Court of Appeals appeared to limit the reach of the case by distinguishing it in St. Paul Fire & Marine Insurance Company v. National Computer Systems. 5 This latter case considered whether the misappropriation of confidential proprietary information located in binders belonging to Boeing, and in the possession of a former employee, was property damage under a CGL policy. The court ruled that there was no property damage as the confidential information was not damaged or destroyed, it had merely become unavailable. In contrast, the data and the computer tape in Retail Systems were permanently lost and damage resulted. This distinction has proved to be important and resurfaced in the recent Court of Appeals for the 4th Circuit decision of America Online, Incorporated v. St. Paul Mercury Insurance discussed below. 6 More importantly, by distinguishing Retail Systems in this manner, it suggests that physical damage will only occur to computer data if the data and the physical mechanism which reads the data are simultaneously and independently destroyed.

    In American Guaranty and Switzerland Insurance, the positive outcomes for the insured in both cases were aided by the specific wording of the policies. In American Guaranty, the policy did not limit damage or loss to hardware specifically. In Switzerland Insurance, the policy did not limit the definition of "damage" to electronic equipment with the use of terms such as "physical" or "tangible". While there is no way of knowing whether the use of such limiting words in the policies would have led to different decisions in American Guaranty and Switzerland Insurance, these cases do illustrate the importance of precise drafting and carefully reviewing the policy wording.

  2. Computer Data As Intangible Property
    On the other side of the ledger, there have been two U.S. decisions which have clearly favoured the position that computer data is not tangible property. Arguably, the leading case supporting this view is the St. Paul Mercury case. The dispute arose from damage caused to pre-existing software residing on the hard drives of private individuals who installed America On-Line's (AOL) 5.0 access software. AOL's primary insurer, St. Paul Mercury Insurance Company (St. Paul), refused to defend and indemnify against any damage claims on the basis that the damage caused was not "property damage" under the CGL policy. At trial, St. Paul successfully defended its position. The district court for the Eastern District of Virginia ruled that software and data are not forms of tangible property and any loss of use claims under the policy were excluded by the "impaired property" exclusion in the CGL. In setting out the reasons supporting its decision, the court relied on the dictionary definition of "tangible". The court decided that tangible property was something that could be touched. In that regard, the court reasoned that computer data did not qualify as tangible as it could not be touched and was imperceptible to the senses. On appeal, the 4th Circuit agreed and affirmed the trial court's decision. In doing so, the 4th Circuit added a further level to the analysis by delving into an interesting discussion on the intangibility of computer data. While the court agreed that the physical magnetic material on the hard drive is tangible property, it reasoned that it must be distinguished from the data itself, which is intangible. To make its point, the court evoked the rationale in St. Paul Fire and analogized the damage suffered by AOL users to that of a combination lock where the combination is unknown. While the lock is useless, it is not physically damaged and can be used again once it is given the correct combination. Similarly, when the software of AOL users became inoperable following the installation of the access software, it was the code that was damaged, not the hardware that ran the software.

    The district court for the Western District of Oklahoma in State Auto Property and Casualty Insurance Co. v. Midwest Computers and More came to a virtually identical conclusion. 7 In this case, the insurer moved for summary judgment on the issue that it had no duty to defend or indemnify the insured for negligent computer service work as it did not fall within the definition of "property damage" under the policy. The court briefly considered the issue of whether computer data is tangible property. In a terse paragraph, the court stated that computer data cannot be tangible property as it does not accord with the common dictionary definition of the term. Although the storage medium for computer data is tangible, the data is not. Computer data cannot be touched, held, sensed by the human mind, and has no physical substance. As such, the damage caused by the insured did not fall under the policy.

    St. Paul Mercury and State Auto offer important counterpoints to the argument supporting the tangibility of computer data found in Retail Systems. First, both cases make the conceptual leap of separating the data from the medium which holds it. In conceiving of computer data in this manner, each court is able to conclude that the data residing on a physical computer readable medium does not constitute a single item of property. Second, building on the separation of data and substrate, St. Paul Mercury, like St. Paul Fire before it, distinguishes between damage and loss of use. In the court's opinion hardware is not necessarily "damaged" when the software becomes inoperable. Rather, the user simply experiences a loss of use. Whether these arguments will be adopted or rejected in future cases remains to be seen. However, the arguments in St. Paul Mercury and State Auto, in combination with limitations on a finding of tangibility in Retail Systems, appear to have more persuasive value in determining that computer data is not tangible property.

  3. Canada
    No Canadian court has wrestled with the question of computer data as a form of tangible or intangible property. In the absence of any cases directly on point, a Canadian court will likely receive a degree of judicial guidance from the cases noted above. With the cases on the issue split, there is no clear indication on the course a Canadian court would take. However, if the cases discussed are any indication, a Canadian court's decision may be guided, and ultimately determined, by characterizing computer data as something either indistinguishable from the medium holding it or as a distinct item of property.

Conclusion

The key to the rulings noted above seems to lie in the decision of courts to either characterize the data and substrate holding it as indistinguishable or as distinct elements. From a business perspective, the differing judicial rulings should signal an alert. In order to prevent an unwelcome surprise from an insurer, businesses need to determine the exact nature of their coverage for first and third party damage to computer data. Quite possibly, a CGL or all-risk policy may have to be amended. Alternatively, a business may wish to consider more specialized forms of insurance to guard against such damage.

Endnotes

  1. 469 N.W.2d 735 (Minn. App. 1991) pet. for rev. denied (Minn. Aug. 2, 1991) [hereinafter Retail Systems].
  2. Ibid. at 737.
  3. 2000 WL 726789 (D. Ariz, 2000) [hereinafter American Guaranty].
  4. [1998] 4. V.R. 692 (Vict. C.A.) [hereinafter Switzerland Insurance].
  5. 490 N.W.2d 626 (Minn. App. 1992) [hereinafter St. Paul Fire].
  6. 207 F.Supp 2d 459 (E.D. Va. 2002); aff'd No. 02-2084 (4 th Cir. 2003) [hereinafter St. Paul Mercury]. Both the trial and appeal decisions can available online. For an electronic copies of the trial and appeal decisions, see: http://pub.bna.com/eclr/aolstpaul.htm and http://laws.findlaw.com/4th/022018p.html, respectively.
  7. 147 F.Supp. 2d 1113 (W.D. Okla. 2001) [hereinafter State Auto].
Contact James Kosa for additional information on Insurance Law.

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.

By Editors
Deeth Williams Wall December 4, 2003 December 4, 2003 July 8, 2015
Technology Contracting