It’s the New Year: Have You Checked Your Marks Lately?

The start of a new year provides a time to reflect on past successes and lessons learned. It’s also a time to chart the course ahead to achieve your goals. One important goal for any business is to protect the uniqueness and “brand identity” that distinguishes it from others. And, there is no more valuable asset of brand identity than a company’s trademarks and service marks.

Like any business asset, trademarks and service marks must be used properly in order to maintain and enhance their value. Failure to do so can result in your trademarks and service marks losing their value and, eventually, allowing copycats to “steal” value from your business.

So, here are a few New Year’s tips to (1) ensure that you know how to properly use (and, thereby, legally strengthen) your trademarks and service marks, and (2) keep from weakening (or even losing) your trademarks and service marks.

I.  First, Some Basics:

What Is a Mark? What Is Its Purpose?

In short, a “trademark” is a word or symbol (or a combination of both) used to identify a business’s products to distinguish them from similar products offered by others.  Conversely, a “service mark” is used to identify services (rather than products) offered by a business to distinguish those services from similar services offered by others.  (Unless stated otherwise, the rest of this article uses the term “Mark” to include both trademarks and service marks.)

Marks help customers differentiate between products or services offered by one business and products or services offered by another.  Customers rely extensively on Marks when making purchasing decisions between different brands of the same product. They purchase one product instead of another, more often than not, based on perceptions of the respective quality and reputation associated with a specific brand (the Mark)—often without ever sampling the actual product or service. (Who opens a Coca-Cola beverage to taste it before buying it over a generic labeled store brand?) The ability of Marks to distinguish competing products or services and drive buying decisions is what makes them so valuable.  Such value is worthy of protection. And protection starts with proper usage.

What Do We Mean by “Proper Usage” of Marks?

Proper usage of Marks is all about clearly and consistently presenting the Mark in a way that the consumer easily recognizes that the Mark indicates a specific source (or brand) of products or services. The antithesis of this is when a Mark is used in such a way that it is perceived as merely a generic name for a product or service. Proper Mark usage indicates a specific source or brand. (Think: “Buy a BMW automobile”.)  Improper usage allows the Mark itself to be mistaken for the generic name of a category of products or services. (Bad: “Hand me a Kleenex”; “Make me a Xerox”.)  As customers come to associate your Mark with the specific quality and reputation unique to your brand, properly presenting a Mark preserves—and, over time, strengthens—the Mark’s ability to distinguish your business’s products and services from those of another company in the minds of customers.

II.  Do a “Proper Usage” Check-Up: Some Things to Look For.

A.  Present Your Mark as an Adjective – Not as a Noun or a Verb. You should always use your Mark as an adjective followed by a noun (the generic name of your products or services). Never use your Mark as a standalone noun or verb, even as a “shorthand” description of the products or services.  Failure to consistently present your Mark as a modifier to differentiate your company as the source of products or services leads consumers to think that your Mark is merely a generic name (whether as a noun or verb) for the type of products or services you provide. If that happens, your Mark may no longer be “distinctive”—meaning that customers no longer view it as a basis for distinguishing between your products and services and similar products and services of others. Once your Mark is no longer distinctive, it can lose the legal protections accorded to a trademark or service mark. This includes the right to exclude others from using your Mark.

Here are some examples of correct and incorrect uses of a Mark in a sentence.

Correct:   “Use BUZZ cloud data services to manage your data.” (“BUZZ” modifies cloud data services—good!)

Incorrect: “Use BUZZ to manage your data.” (“BUZZ” used as a shorthand noun—bad.)

Incorrect: “BUZZ your data management!” (“BUZZ” used as a verb—bad.)

TIP – One way to determine whether you are using your Mark properly as an adjective is to delete the Mark from the sentence in which it appears.  If the sentence still makes sense after deletion, that’s a good sign that the Mark was being used properly in the sentence.

EXCEPTION:  Sometimes a business uses the same term as both a Mark (a brand name for its products and services – an adjective) and as a name for the business itself (a noun).  (Think “BMW”, which is used both as the name of the company and as a brand name for the automobiles offered by that company.) When the business is merely using the term to refer to itself as a company or corporate entity, it is permissible to use the term as a standalone noun—but the business should nonetheless remain vigilant to follow the rules of proper Mark usage when it is using that term as a brand name for the business’s products and services (an adjective).

B.  Present Your Mark Consistently in Form and Format. Your Mark should always be presented consistently.  Consistent repetition of your Mark in the exact same form helps consumers recognize and remember it. This, in turn, strengthens consumers’ association of your Mark with the specific quality and reputation unique to your business. So:

  • Don’t vary the spelling or punctuation of your Mark; and
  • Avoid presenting your Mark in plural or possessive forms. (However, this does not apply if your Mark is actually plural (like “BUNCHES”) or a possessive (like “BOB’S”).)

C.  Make Your Mark Stand Out. Consider taking additional steps to make your Mark stand out as a unique identifier for your brand of products and services. For example, if your Mark is a word or a phrase (rather than a logo), differentiate the Mark visually from surrounding text.  Present your Mark in ALL CAPS or in a different color font.  Making your Mark stand out reinforces the word or phrase as a Mark instead of a generic reference.

D.  Use the Correct ®, TM, or SM Symbol and Use It Correctly.  Proper use of the correct ®, TM, or SM symbol is crucial to preserving rights in your Marks for several reasons.  It publicly reinforces that the word(s) or logo to which the symbol is affixed are being used as a Mark and not a generic name for goods or services, and it puts potential infringers on notice of your claim to rights in your Mark.  Furthermore, in some cases, it may eliminate certain defenses available to those infringing your Mark and affect the types of infringement damages you might recover for an infringement of your Mark.

Here are tips on how to determine which is the correct symbol to use with your Mark and how to use that symbol properly.

  • Use the ® symbol if your mark is registered with the USPTO in connection with the products and/or services on which the mark is being used in that particular instance.
  • Conversely, don’t use ®—and do use either the TM or SM symbol, as applicable—if you have not obtained a USPTO registration for your Mark or if you are not using the Mark, in that particular instance, with the particular products or services listed in your Mark’s USPTO registration.
    • Use the TM symbol when the Mark is being used in connection with products.
    • Use the SM symbol when the Mark is being used in connection with services.
  • Place the correct ®, TM, or SM symbol immediately following the Mark, not after the generic name of the product or service with which your Mark is associated. For example, for the Mark “BUZZ” registered with the USPTO for cloud data services, an example of appropriate usage would be “Use BUZZ® cloud data services”—not “Use BUZZ cloud data services®”. (If there was no USPTO registration for “BUZZ” or if “BUZZ” is not registered with respect to “cloud data services,” you would change the ® to an SM symbol.)

EXCEPTION: As noted, sometimes a business uses the same term as both a Mark and as a name for the business itself.  Trademark symbols should never be used where the business is merely referring to itself as a company or corporate entity (a noun), as opposed to a “brand name” for specific products or services (adjective).

Conclusion

Start the new year off right by making sure your business is using and presenting its Marks properly. Appropriate presentation and use of your Marks will: strengthen customers’ association of your Mark with the particular products or services with which it is associated; help you protect your Mark against infringement; and increase the value of your business’s unique “brand identity.”

If you have questions regarding trademarks and service marks, including selection, proper usage, and protection of these valuable business assets, contact Mike Stewart at mstewart@fh2.com or (770) 399-9500 for more guidance.

Limiting Your Liability for Copyright Infringement Caused by Others: Important Steps You Need to Take Soon

If you are running a technology business that deals with content provided by users or other third parties—or even if your business simply has an interactive web presence that allows users to post their own comments or photos or contains links to other websites—there are important changes you need to know about to limit your liability for copyright infringement caused by your users and other third parties. Here’s what you need to know.

Since 1998, the Digital Millennium Copyright Act (DMCA) has provided certain “safe harbors” that limit a “service provider’s” liability for copyright infringements caused by content provided by users or other third parties.  If the service provider meets the requirements of a particular safe harbor, it will have no liability for monetary damages or (almost all) injunctive relief for copyright infringement arising out of content provided by third parties.

Under new regulations that became effective December 1, 2016, the U.S. Copyright Office imposed new, detailed registration and renewal requirements that a service provider must meet in order to qualify for—and maintain—the limitations on liability afforded under the DMCA.   Furthermore, the regulations signal the U.S. Copyright Office’s intent to extend the new registration requirements to service providers who were not clearly required to comply with these requirements under the DMCA previously—meaning that certain businesses who may have believed since 1998 that they were exempt from these registration requirements must now comply with the new regulations—or risk losing important protections against liability for copyright infringement.

THINK YOUR BUSINESS IS NOT A “SERVICE PROVIDER”?  THINK AGAIN.

Section 512 of the U.S. Copyright Act defines a “service provider” broadly to mean any “provider of online services or network access, or the operator of facilities therefor.”  As such, your business is likely a “service provider” within the meaning of the DMCA if you, for example:

  • Operate a website or app that does any of the following:
    • has “social” or “sharing” functionalities (for example, that allow users to provide comments or reviews, participate in discussions or user forums, or upload photos or other materials);
    • contains or publishes material submitted by third parties (such as product photos or descriptions in an online marketplace);
    • contains links to other websites or online materials;
    • helps users locate information (for example, a tool to search for and compare product or pricing information from various sources); or
    • has messaging functionalities where messages are stored—temporarily or permanently—on your servers (such as an “Inbox” where the user can exchange messages with your business or with other recipients); or
  • Provide a data service where the data consists—in whole or in part—of information provided at the direction of users or other third parties;
  • Operate servers, cloud services, hosting services or “software-as-a-service” offerings that allow users to submit, store, or publish content; or
  • Provide network services whereby material transmitted by users is temporarily stored (“cached”) in your system as an incidental function of your service.

A BRIEF HISTORY OF THE DMCA AND THE “NOTICE AND TAKEDOWN” PROVISIONS OF THE SAFE HARBORS.

Under U.S. copyright law, simply creating a copy of someone else’s copyrightable subject matter without permission is a copyright infringement—even if that copy was created automatically through a technological process initiated at the direction of someone else. (For example, a user’s submission of materials to your website may result in a copy of these materials being automatically created on the website servers.)  Similarly, merely linking to infringing materials can give rise to a copyright infringement—even if you had no reason to know that the linked material was infringing.

Because automated copying and linking of online content are both inherently necessary to the operation of the Internet, Congress recognized that holding website operators and other service providers strictly liable for these activities in all cases could hinder the growth of the Internet and the advancement of related technologies (including networking and e-commerce).  As a result, when enacting the DMCA in 1998, Congress specifically provided certain “safe harbors” to protect service providers against claims of copyright infringement arising out of temporary or permanent storage of user-provided materials or linking to infringing materials.

Though each safe harbor has differing requirements (based on the activity of the service provider that is alleged to cause an infringement), the “notice and takedown” component is common to almost all DMCA safe harbors.  Under the “notice and takedown” component, a service provider can immunize itself from monetary liability to a copyright claimant by: (i) appointing an agent to receive notices of copyright infringement occurring via its service and (ii) upon receiving notice of an infringement, acting expeditiously to remove or block access to (“take down”) the infringing material.

Appointment of an Agent to Receive Copyright Notices—Required Steps.

As written, the DMCA provided specific instructions for appointing an agent for only one of the safe harbors—albeit the one with potentially the greatest applicability to most businesses, namely, the safe harbor against liability for information uploaded to or stored on websites or servers by users.  Under this safe harbor, the service provider must do both of the following for the appointment of an agent to be valid and meet the requirements for the safe harbor:

  1. Publish required contact information for the designated agent on a publicly-accessible page on the service provider’s website; and
  2. Provide the required contact information for the designated agent to the U.S. Copyright Office for inclusion in a public directory of such agents.

WHAT HAS CHANGED WITH THE NEW REGULATIONS?

Since 1998, the Copyright Office has required that a service provider use a paper form to appoint its designated agent, which was then scanned into an electronic format and made available to the public via an online directory (there was also a fairly hefty filing fee of $135.00 per filing).  In addition to being cumbersome and non-searchable, over time much of the information contained in the directory became outdated (due to businesses not updating their contact information) and cluttered with defunct service providers.  Given this, effective December 1, 2016, the U.S. Copyright Office implemented a mandatory online mechanism for service providers to provide the required contact information for their designated agent.  This new mechanism places the burden on service providers to keep their information accurate and up-to-date or risk losing the protection of the DMCA safe harbors.

Key Points of the New Regulation:

1.  Mandatory Electronic Filing with the Copyright Office to Appoint an Agent. Starting December 1, 2016, all service providers seeking the protections of the safe harbor must use the U.S. Copyright Office’s online registration mechanism to appoint an agent to receive notices of copyright infringement.  Paper filings will no longer be accepted by the Copyright Office.

Note – The Notice on Your Website is Still Required. Be aware that the new mandatory electronic filing procedure does not eliminate the separate legal requirement that the service provider also publish the contact information for the appointed agent in a publicly-accessible page on the service provider’s website.  Failure to do so will mean that the service provider will not get the benefit of the safe harbor, even if the service provider has made the required filing with the Copyright Office.

2.  You Need to File under the New System Even if You Previously Appointed an Agent with the Copyright Office. As noted, the Copyright Office has maintained a directory of appointed agents since 1998, and you (or your attorney) may have already filed an appointment of copyright agent under the old system.  However, in an effort to clear out the outdated information that has accumulated in that time, on December 31, 2017, all appointments filed before November 30, 2016 will become invalid.  In short, even if you filed under the old system, you need to make a new filing under the new system if you wish to preserve the limitations on liability under the DMCA safe harbor beyond 2017.

3.  Service Providers Must Renew the Appointment of Their Agent At Least Every Three (3) Years. Once filed, each appointment will expire and become invalid three (3) years after the appointment is made, unless the service provider makes a filing with the Copyright Office to renew the appointment.  Failure to renew the appointment  will mean that the service provider loses the limitation on liability afforded by the safe harbor.

Note – There is a nuance to this “three (3) year rule”: to encourage service providers to keep their agents’ contact information current, the new regulations provide that the “three (3) year clock” is reset each time the service provider changes its appointment information (for example, to change the name or address of its appointed agent).  In this case, the three (3) year clock starts running anew from the date the service provider updates its appointment with the Copyright Office.

Example: Service Provider files with the Copyright Office to appoint an agent on March 1, 2017.  That appointment will expire three (3) years later (March 1, 2020) unless validly renewed.

However, if Service Provider makes a subsequent filing on June 1, 2017 to update its appointment, the three (3) year clock is reset from the date of the “update” filing (June 1, 2017), and the appointment will not expire until June 1, 2020.

4.  The New Filing Requirement Applies to the “System Caching” and “Linking/Search Tool” Safe Harbors As Well. While several of the DMCA safe harbors require the service provider to act promptly to remove (or disable access to) allegedly infringing information once its appointed agent is notified, only one safe harbor—the one for “information stored by others”—specifically states that the agent must be appointed by a filing with the Copyright Office coupled with public notice on the service provider’s website. However, the explanatory comments to the new regulations make clear that this filing requirement—as well as the requirement of a public notice on the service provider’s website—must be met to qualify for the DMCA safe harbors for “system caching” and “linking/search tool” activities as well.

This means that, even if you do not allow users to store information on your website or system, you should still make a filing under the new system if you wish to limit your liability for websites or business activities that involve:

  • providing links to third party information;
  • providing tools or functionality to locate third party information; or
  • automatic, temporary “caching” of third-party information (for example, as part of transmitting content from one user to another).

ADDITIONAL—BUT OFTEN UNSUNG—BENEFITS OF THE DMCA AND THE SAFE HARBORS.

Obviously, the ability to avoid all monetary liability for certain copyright infringement claims is a prime motivator for service providers to obtain—and maintain—protection under the DMCA safe harbors.  But there are two additional benefits available to a service provider under the DMCA that are often overlooked.

  • First, if a service provider has validly designated an agent to receive notices of copyright infringement as required under the safe harbors, copyright claims that are made against the service provider—but are not sent to the service provider’s designated agent—generally do not count as putting the service provider “on notice” of the infringement, and do not trigger the obligation to remove (or disable access to) the material.
  • Second, a service provider who “takes down” allegedly infringing materials to protect itself against liability to a copyright claimant could inadvertently expose itself to liability to another party—namely, the party who originally provided the allegedly infringing content. (For example, disabling access to a customer’s content because of a copyright claim could be a breach of the service provider’s contract with that customer.)  To address this concern, the DMCA provides that a service provider will have no liability to any person for “taking down” material that is claimed to be infringing (though, in certain situations, the service provider must also notify the party who originally provided the allegedly infringing content and give them an opportunity to contest the “takedown” in order to take advantage of this additional protection against liability).

While the new regulations described above have a significant impact on the “notice and takedown” component of the DMCA safe harbors, bear in mind that complying with these new regulations is not the only thing you need to do to qualify for the benefits of the safe harbors. There are numerous safe harbors that may apply to your business activities, and each has additional specific requirements and conditions that must also be met before you can claim protection under an applicable safe harbor. If you have questions regarding the DMCA safe harbors or how to structure or protect your online business operations, contact Mike Stewart at mstewart@fh2.com or (770) 399-9500 for more guidance.

FH2 Alert – New Federal Trade Secret Law Requires Changes to Your Form Agreements

On May 11, 2016, President Obama signed the Defend Trade Secrets Act of 2016 (the “DTSA”) into law.  The DTSA—which went into effect immediately after being signed—creates a new right for trade secret owners to sue under federal law when their trade secrets are misappropriated, and also provides the trade secret owner with significant remedies for misappropriation (including seizure, injunctive relief, damages, and, in certain cases, double damages and attorneys’ fees).  But the DTSA also provides individuals with immunity for certain permitted disclosures of a trade secret—and requires an employer to notify its employees (including contractors and consultants) of these immunities in any contract or agreement with the employee that governs the use of trade secrets or other confidential information.

We will provide more in-depth guidance on the DTSA soon.  However, you need to know now that compliance with the DTSA necessitates immediate changes to certain of your form agreements with employees and individual independent contractors and consultants to incorporate the notices mandated by the DTSA.

Specifically, starting May 12, 2016, the DTSA requires all employers to include a new notice “in any contract or agreement with an employee that governs the use of a trade secret or other confidential information” if that contract or agreement is either entered into or updated after May 11, 2016.  This required notice must inform the employee about certain immunities from liability under federal or state trade secret law for disclosing a trade secret in connection with “whistleblower” activities or in legal documents filed under seal.

Some important points on this new notice requirement:

  • Applies to More than Just Your “W-2 employees”:  Under the DTSA, an “employee” for whom you must include the required notice includes not only your W-2 employees, but also any individual performing work for your business as a contractor or consultant.
  • Applies to “Any Contract or Agreement that Governs the Use of a Trade Secret or Other Confidential Information”:  Depending on your business, this could implicate revising multiple forms of contract documents that your business currently uses with its employees, contractors and consultants, such as employment agreements, invention assignment or “work made for hire agreements”, independent contractor agreements and confidentiality/non-disclosure agreements.
  • Noncompliance Also Limits Remedies under the DTSA:  Failure to include this notice when required also means that the employer cannot recover double damages or attorneys’ fees under the DTSA when bringing a claim for trade secret misappropriation against that employee.
  • Be Mindful of Existing Agreements:  The notice requirement applies to “contracts and agreements that are entered into or updated after” May 11, 2016. So, while the DTSA does not require you to amend agreements you executed before May 12, 2016 solely to add the new notice, it does require you to add the notices to those agreements if you amend or update them for other reasons after May 11, 2016.

Note—The DTSA provides that the mandatory notice requirement may also be satisfied by including in your agreement a reference to a “policy document” (for example, a handbook) that is provided to the employee and sets forth your reporting policy for a suspected violation of law. However, even then, your agreements may still need to be updated to include such a reference, and the associated “policy document” should be reviewed to ensure it complies with the DTSA.

If you would like assistance with revising your agreements to comply with the new requirements under the DTSA, or if you have questions about the DTSA or protecting your trade secrets generally, contact Mike Stewart at Friend, Hudak & Harris, LLP.

Insurance for Technology Businesses: Are You Covered?

Most prudent businesses today carry at least certain standard insurance coverages to protect against risks and liabilities arising out of the conduct of their business. These threshold coverages usually consist of a Commercial General Liability (CGL) policy, coupled with a workers’ compensation and employer’s liability policy and a commercial automobile liability policy. However, the provision of technology-related products and services entails certain unique risks not faced by the “ordinary” business, and a business engaged in providing those products and services (and its customers) runs the risk of a very unpleasant surprise when a claim is made and the business discovers that these standard insurance products may not provide coverage. As such, businesses that provide technology-related products and services – from software development and licensing to IT professional services and data hosting – should be aware of additional insurance products that are available to insure against the risks that are unique to their business operations.

Why Isn’t a CGL Policy Enough? Though the exact terms of coverage may vary from policy to policy and from insurer to insurer, CGL policies generally protect a business from a third party’s claim of negligence that results in bodily injury or physical damage to property. In addition, a CGL policy may provide coverage against infringement of certain intellectual property rights if the alleged infringement occurs in the course of advertising or marketing the business’ goods and services.

However, CGL policies typically exclude certain risks that are actually quite common in the provision of technology-related products and services. For example:

  • Defects in Products and Services/Contract Performance Disputes – a failure or error of a technology product or service is more likely to result in financial damage to a third party than to cause bodily injury or physical damage to a third party’s property – but purely financial losses caused by the negligence of an insured are usually excluded from coverage under the CGL policy. This means that a CGL policy will quite likely not protect a business against claims arising out of programming errors, software performance, or the failure of products and services to perform as promised in a contract.
  • Subcontractors – technology service providers often supplement their work force through the use of subcontractors and independent contractors – but the acts of subcontractors and independent contractors are usually not covered by a CGL policy.
  • Professional Services – errors and omissions arising out of the provision of professional services (for example, IT consulting and implementation services) are usually excluded from coverage under a CGL policy.
  • Data Breaches – in the past, many courts have construed CGL policies to not provide coverage for data breaches (for example, in some cases, on the rationale that data is not tangible “property” and, in other cases, on the grounds that a data breach did not constitute “publication” of private information to qualify for coverage as an “advertising injury”); to avoid uncertainty, many insurers have now begun to expressly exclude data breaches from coverage under a CGL policy.
  • Infringement of Intellectual Property, especially Patents – as noted above, most CGL policies exclude coverage for claims arising out of the infringement of intellectual property rights if the infringement does not occur in connection with “advertising” – but even then, claims of patent infringement are almost always excluded from coverage under all circumstances. Given the proliferation of infringement claims by “patent trolls” and other non-practicing entities (NPEs), lack of coverage against such claims is a significant area of concern for all providers (and customers) of technology-related products and services.

Additional Insurance Technology Companies Should Consider. The following are some additional available insurance coverages that are more specifically tailored to the risks and liabilities faced by providers of technology-based products and services and so may be used to fill “gaps” left by a CGL policy. Of course, the terminology for a given type of coverage may vary from insurer to insurer, and not all insurance policies provide the same coverage; in addition, certain of the coverages listed below may already be included under another insurance product or added as a rider. In short, the devil is in the details, so you should always consult with your insurer or broker and review each policy carefully to make sure that a given insurance product meets your needs.

1. Technology Errors and Omissions (Tech E&O).  Tech E&O coverage is a species of the more well-known professional liability/professional errors & omissions coverage, and it often supplements the CGL policy in important ways specific to a technology-related business. Tech E&O insurance generally protects the insured against a third party’s (such as a customer) claims of financial loss caused by either (i) the failure of the insured’s product to perform as promised, or (ii) an act, error, or omission committed by the insured in the course of its performance.

  • Tech E&O applies to claims arising out of the performance of professional services. To avoid confusion, it is important to note that “professional services” not only include the rendering of services but also the offering or provision of technology-related products as well. For example, IT/network consultants, website designers and cloud storage companies provide technology services, while software licensors and hardware manufacturers offer technology products.
  • Tech E&O provides coverage for defects in products and certain services/contract performance disputes. As noted above, failure or error of a technology product or service more often gives rise to purely financial damage (for example, monetary loss caused by failure to deliver as promised or failure to meet contractual service levels) rather than causing bodily injury or physical damage to a third party’s property. As such, Tech E&O coverage is a good complement to a CGL policy – if there is no coverage under the CGL policy because there is no physical damage or bodily injury caused by the error, a Tech E&O policy may provide coverage (and, conversely, a CGL policy would provide coverage where the error does cause physical damage or injury, which is usually excluded from the Tech E&O coverage). It is important to note, however, that the Tech E&O coverage does not provide blanket coverage for all contract performance claims or disputes. Generally speaking, Tech E&O policies only cover those defects or performance issues that arise out of the negligence of the insured (or, in some cases, its unintentional acts or omissions) – Tech E&O coverage does not protect an insured against its intentional failure to perform in accordance with a contract.
  • Tech E&O often provides coverage for the negligent acts of your subcontractors and independent contractors.
  • Tech E&O often provides coverage for claims of copyright infringement arising out of the covered activities of the insured. This can be especially useful against claims that your software or other work product was used without an appropriate license or was “copied” from copyrightable subject matter owned by a third party.

However, there are still important risks that a typical Tech E&O policy generally does not cover. For example, Tech E&O policies typically do not protect the insured against:

  • Claims of patent infringement; or
  • Data breach or other failure to protect personally identifiable information.

As these risks are typically not covered by either a CGL policy or a Tech E&O policy, the business should continue to consider the availability of other protections to mitigate these risks.

2. Data Breach and Malware – Cyber Risk Insurance (a/k/a Cybersecurity or Privacy and Network Liability Insurance). Protection against cyber risk may be obtained via a separate policy or, sometimes, may be added as coverage under another policy, such as a Tech E&O policy. As with any insurance product, coverage for cyber risk can vary widely from policy to policy, especially with respect to the scope of coverage and associated policy limits and sub-limits. Nonetheless, cyber risk coverage differs from typical CGL and Tech E&O policies in two important ways:

  • Cyber risk coverage expressly provides coverage for data breaches; and
  • In addition to protecting the insured against liabilities to third parties (which may include not only customers, business partners, and regulatory agencies but also the business’ own shareholders), cyber risk policies often cover the insured’s own losses arising out of a breach. These losses can include, for example:
    • costs of investigating the breach;
    • expenses of data restoration and recovery;
    • business interruption and expenses to get “up and running” again (which may include, under certain policies, “extortion” payments necessary to retrieve or restore data that has been encrypted or otherwise held for ransom by criminals); or
    • costs of any legally-required data breach notification and, if applicable, costs of credit monitoring for persons whose non-public information was compromised in the breach.

With respect to liabilities to third parties arising out of a data breach, a well-crafted cyber risk policy can protect the business against:

  • costs of defending against third party lawsuits and payment of settlements or judgments against the insured; and
  • costs of defense to investigations and prosecutions brought by regulatory or administrative agencies, along with payment of any resulting fines and penalties levied upon the insured.

Additional practical benefit. Of course, actually obtaining coverage against data protection risks is the ultimate benefit of acquiring cyber risk coverage; however, even merely reviewing the application forms can be of practical benefit to the business. This is because the application process for cyber risk coverage often includes a detailed questionnaire regarding the data protection and security practices actually employed by the business, which can serve as a useful “self-assessment” to identify areas in which the business can improve its data protection and security practices.

3. Patent Infringement Liability Insurance. Patent litigation in the technology sector is at an all-time high, and this is attributable in large part to the proliferation of suits by “patent trolls” and other NPEs – entities who acquire patents for the primary purpose of enforcing them against others for monetary gain rather than actually utilizing the patents to create or market useful goods or services. However, claims of patent infringement are almost never subject to coverage under a CGL policy. (While some policyholders have successfully argued that such claims are in fact covered under the “advertising injury” provisions of a CGL policy, such successes are rare and very fact-dependent.)

Given this, some insurers have recently begun offering insurance products specifically tailored to protect the insured against third party patent infringement claims. The terms of available patent infringement liability policies can vary significantly, though the cost of such policies is uniformly high, no doubt owing to the costs of mounting a defense to a patent infringement claim and the potential for high damages awards if the defense is unsuccessful. Nonetheless, as with any insurance product, there are certain variables in the scope of protection purchased that can be tailored to help manage the purchase price, such as:

  • whether the policy covers the defense of a patent infringement claim only or covers both defense of the claim and indemnification obligations owed to a third party;
  • whether the policy covers other attendant costs and expenses incidental to a patent infringement claim, such as product redesign costs; and
  • whether the policy protects against any and all patent infringement claims or merely protects against “weak” cases commonly associated with “patent trolls” (in the latter situation, the policy may state that coverage will not apply unless the insurer determines that the insured stands a substantial chance of success against the infringement claim).

When considering whether to purchase patent infringement liability insurance, it is important to keep in mind that most policies will exclude coverage for a given patent infringement claim if the insured had previously been threatened by the owner of the patent or was otherwise aware of a risk that it would be sued for infringement of that patent.