Great point. I don't think most business owners yet realize this issue. Maybe even some IT managers. I have to assume your media policy wording provides coverage for such an incident?

It would be interesting to know how this suit turns out.

Thanks for your comment Tim. At Euclid Managers, we do contemplate smartphones when crafting privacy and security coverages for our insureds. In fact we offer a security coverage enhancement that specifically provides protection for failure to prevent the theft or loss of an individual person's private data on a laptop or other device or medium containing content. This other device or medium containing content could certainly be a smartphone.

But the media product that you reference likely would not be involved in a situation on these particular facts since the defendant isn’t a media company. Talking hypothetically, in a similar situation a person whose private information on a smartphone was publicly distributed could conceivably bring an action against either the phone’s owner or the party that allegedly distributed the information (McDonald’s in this case) or both. The question of coverage would depend not just on the particular policy’s terms but also on things like: who is the defendant, the phone’s owner or the company that distributed the information; was it a company phone or a personal phone; was the information that was distributed kept as a part of the business, in connection with providing professional services, or had information that was purely personal to the phone’s user been placed on the phone (such as a nude photograph); what was the nature of the private information, a social security number or a trade secret; whose information was distributed, an employee, a customer or a third party? It’s not possible to express an opinion about whether any policy or coverage enhancement, ours or another company’s, would provide coverage without a concrete set of facts.