Insurance policyholders may want to temper their reactions to yesterday’s decision by the United States Court of Appeals for the Fourth Circuit in Travelers Indemnity Co. of America v. Portal Healthcare Solutions LLC.

In its unpublished opinion, the Fourth Circuit affirmed a lower court ruling that Portal Healthcare’s data breach was covered under the company’s commercial general liability (CGL) policies. While the decision is significant, it’s worth highlighting an important fact: the policies at issue were issued in 2012 and 2013. More recent CGL policies may contain language purporting to exclude data breaches and other cyber events from traditional CGL coverage. An exclusion that surfaced in 2014, for example, precludes coverage for claims arising out of access to or disclosure of confidential or personal information.

On January 15, 2015, the Texas Supreme Court will hear oral arguments concerning whether a “potentially responsible party” (PRP) letter from the Environmental Protection Agency (EPA) for liability for hazardous waste contamination triggers the duty to defend under commercial general liability (CGL) policies.