Posts

MRR Alert ~ Ohio Supreme Court Makes it Clear: Faulty Work is not Fortuitous

By: Chenee M. Castruita

On October 9, 2018, The Ohio Supreme Court issued its anticipated Decision in Ohio Northern University v. Charles Construction Services, Inc., et al., Slip Opinion No. 2018-Ohio-4057 holding that a subcontractor’s faulty work is not an “occurrence” under a commercial general liability (“CGL”) policy. The Court determined that in the commercial construction setting, an insurer underwriting and issuing CGL coverage is not required to defend or indemnify its policyholder or any named insured against claims for property damage caused by a subcontractor’s faulty workmanship.

A Review of Westfield Inc. Co. v. Custom Agri Sys., Inc. (2012) 133 Ohio St.3d 476, 2012-Ohio-4712, 979 N.E.2d 269

In reaching this Decision, the Court re-visited its 2012 holding in Westfield Inc. Co. v. Custom Agri Sys., Inc. In this earlier case, Custom Agri, as a subcontractor, had allegedly faultily constructed a steel grain storage bin. Custom Agri was an insured under a CGL policy issued to it by Westfield Insurance which covered property damage caused by an “occurrence.” Westfield Inc. Co. v. Custom Agri Sys., Inc., 133 Ohio St.3d 476, 2012-Ohio-4712, 979 N.E.2d 269 at ¶ 3.At the trial court level, Westfield intervened, seeking declaratory judgment and a determination that it had no duty to defend or indemnify Custom Agri, inasmuch as all claims were related to Custom Agri’s own work and did not involve “property damage” caused by an “occurrence”, as those terms were defined within the Westfield policy. Ohio N. Univ. v. Charles Constr. Servs., Inc., Slip Opinion No. 2018-Ohio-4057 at ¶¶ 13-15, citing Westfield Inc. Co. v. Custom Agri Sys., Inc., 133 Ohio St.3d 476, 2012-Ohio-4712, 979 N.E.2d 269.

The Ohio Supreme Court ultimately decided that the Westfield’s policy definition of “occurrence” as being an “accident, including continuous or repeated exposure to substantially the same general harmful conditions” did not include property damage caused by the insured contractor’s own faulty work. Ohio N. Univ. v. Charles Constr. Servs., Inc., Slip Opinion No. 2018-Ohio-4057, citing Westfield Inc. Co. v. Custom Agri Sys., Inc., 133 Ohio St.3d 476, 2012-Ohio-4712, 979 N.E.2d 269 at ¶¶ 11-14. The Court reasoned that because an “accident” inherently involves fortuity, and faulty work is not fortuitous, there was no coverage under the Westfield CGL policy related to claims for property damage caused by faulty work. Id. at ¶ 18.

While Custom Agri Sys. was a subcontractor and its policy may have included a products-completed operations-hazard (“PCOH”) clause as well as a subcontractor clause, the Court determined that these separate provisions were not addressed directly. Now, and in its most recent Decision on the issue, the Ohio Supreme Court has directly addressed the effect of PCOH and subcontractor clauses. Id. at ¶ 19.

 

Ohio Northern University v. Charles Construction Services, Inc., et al. (2018)
Slip Opinion No. 2018-Ohio-4057

Factual Background
In Ohio Northern University v. Charles Construction Services, Inc., et al., Ohio Northern University contracted with Charles Construction Services, Inc. to construct the University Inn and Conference Center. The contract required Charles Construction to maintain a CGL policy that included a PCOH clause. Charles Constr. at ¶ 4. Charles Construction obtained a CGL policy with both a PCOH clause as well as a subcontractor clause from Cincinnati Insurance Company. The policy included terms specific to work performed by subcontractors. Charles Construction paid an additional premium for the PCOH coverage. Id. at ¶ 5.

After work was completed, Ohio Northern University discovered water damage from leaks believed to be caused by defective work of Charles Construction and its subcontractors. Ohio Northern University filed suit, and Charles Construction answered and filed third-party complaints against its subcontractors. Charles Construction submitted its claim to Cincinnati Insurance Company and asked that it defend and indemnify Charles Construction. In response, Cincinnati Insurance Company intervened at the trial court level, seeking declaratory judgment and a determination that it was not obligated to either defend or indemnify Charles Construction, due to the earlier Decision in Custom Agri. Id. at ¶¶ 7-8.

The particular PCOH clausecovered property damage “occurring away from premises you own or rent and arising out of  *** ‘your work’ except *** work that has not yet been completed or abandoned”. Charles Constr. at ¶ 24. It further excluded coverage for property damage to the policyholder’s work arising out of it or any part of it.  However the Court  specifically stated the exclusion did not apply if the damaged work was performed by a subcontractor. Id. at ¶ 26.

The Ohio Supreme Court’s Analysis
Despite the Cincinnati Insurance Co. CGL policy containing both PCOH language as well as subcontractor-specific language, the Court found there was no coverage for the subcontractor’s faulty work. Specifically, the Court found the PCOH and subcontractor-specific language had no effect, since the damage was not due to an “occurrence” under the Coverage A portion of the Cincinnati Insurance Co. CGL policy:

“The language within the Coverage A portion of the CGL policy is critical to the policy’s overall effect. It states that CIC agrees to pay for property damage under certain circumstances. But the damage must be due to an “occurrence,” which the policy defines as “an accident, including continuous or repeated exposure to substantially the same general harmful conditions.” Again, there is no question that the water-related damage to the inn was “property damage” and was discovered after the work had been completed. But unless there was an “occurrence,” the PCOH and subcontractor language has no effect, despite the fact that Charles Construction paid additional money for it.

If the subcontractors’ faulty work were fortuitous, the PCOH and subcontractor-specific terms would require coverage. But as we explained in Custom Agri, CGL policies are not intended to protect owners from ordinary “business risks” that are normal, frequent or predictable consequences of doing business that the insured can manage. Here we cannot say that the subcontractors’ faulty work was fortuitous.”

Ohio N. Univ. v. Charles Constr. Servs., Inc., Slip Opinion No. 2018-Ohio-4057 at ¶¶ 28-29, citing Westfield Inc. Co. v. Custom Agri Sys., Inc., 133 Ohio St.3d 476, 2012-Ohio-4712, 979 N.E.2d 269.

The Court acknowledged its decision to be contrary to recent decisions of other courts, and cited its duty to look to the plain and ordinary meaning of the language in the CGL policy to find the intent of the parties. Id. at ¶ 32.

Looking Forward
It seems clear from this Decision that the Court considers faulty construction work to be an anticipated business risk of a contractor or general contractor, and will not require an insurer to defend or indemnify against claims or damages arising out of faulty work, at least in cases where a CGL policy exists limiting covered damages to those caused by an “occurrence.”

Contractor and subcontractors should revisit their current insurance risk plans and coverages, and work directly with their respective brokers, agents and insurers to determine the current status of their risk coverages.

We also recommend those contractors that are either anticipating or presently involved in pending litigation reach out to their insurers, agents and/or brokers, immediately, for further guidance.


For more information on Ohio Northern University v. Charles Construction Services, contact Chenee Castruita at 614.324.1039 or via email at ccastruita@mrrlaw.com.

 

Ohio Safe Harbor for Cybersecurity Compliance Effective this November

Ohio’s Data Protection Act becomes effective November 2, 2018

By: Chenee M. Castruita

Ohio’s incentive for businesses to actively create, maintain and comply with cybersecurity programs becomes effective November 2, 2018. Senate Bill 220, also known as the Data Protection Act, will amend Ohio Revised Code Sections 1306.1 and 3772.01 and enact Chapter 1354, and will encourage businesses to comply with an industry-recognized cybersecurity framework. Those who do, may use such compliance as an affirmative defense to any tort action arising out of an alleged failure to implement reasonable information security controls.

Personal and Restricted Information

The safe harbor defense is available not only for those actions based on an alleged breach of personal information, but restricted information as well. Personal information is defined as the connection of a person’s name with another identifier such as their Social Security number, driver’s license or state identification number, or a financial account number. Businesses are currently required to disclose data breaches involving personal information under O.R.C. § 1349.19.

Restricted information is much broader in that it includes “any information about an individual, other than personal information, that, alone or in combination with other information, can be used to distinguish or trace the individual’s identity or that is linked or linkable to an individual”. Consider information such as email addresses, member ID numbers, or PINs being released without any connection to the individual’s name. The inclusion of restricted information in O.R.C. Chapter 1354 gives businesses an opportunity to demonstrate compliance even if the information affected is not of a nature which would trigger the disclosure requirements of O.R.C. § 1349.19.

Compliance Requirements

To be eligible for the affirmative defense, the cybersecurity program must 1) protect the security and confidentiality of the information; 2) protect against any anticipated threats or hazards to the security or integrity of the information; and 3) protect against unauthorized access to and acquisition of the information that is likely to result in a material risk of identity theft or other fraud to the individual to whom the information relates.

As this safe harbor provision is available to businesses of all sizes, Ohio legislators have recognized that a “one size fits all” approach is not appropriate when it comes to evaluating a cybersecurity program. Whether the scale and scope of a cybersecurity program is appropriate will depend on a number of factors, including the business’s size and complexity, the nature and scope of its activities, the sensitivity of the information to be protected, the cost and availability of tools to improve information security and vulnerabilities, and the resources available to the business.

An eligible business will create, maintain, and comply with at least one of multiple frameworks identified in the legislation, including frameworks developed by the National Institute of Standards and Technology (NIST), the Center for Internet Security Controls for Effective Cyber Defense, the security requirements of HIPAA, and the Payment Card Industry Data Security Standard (PCI DSS).

These programs contain administrative, technical and physical safeguards as required under O.R.C. Chapter 1354. Administrative safeguards address security and information management, incident procedures, and contingency plans, among other items. Technical safeguards include controls on access, audits, and integrity. Finally, physical safeguards relate to who physically accesses the information and how the information is used.

A business complies with one of the identified frameworks so long as it updates its own program within one year of any revisions to the framework itself.

Implementation and Looking Forward

A compliant cybersecurity program will touch on every aspect of a business and should influence employee training, vendor selection and agreements, and top-to-bottom evaluation of access to information.

Vendors should be able to provide information as to their own cybersecurity measures and policies. Employees should be made aware of your cybersecurity program, and they should be trained in its procedures as much as they are in the day-to-day operations of your business. Finally, there should be an ongoing evaluation as to who should have necessary access to information, what kind of information they should be able to access, and when they should be able to access the information.

Generally, cybersecurity firms differ from IT firms, and as such businesses should feel comfortable having a conversation with their current IT vendors about their ability to assist in implementing and maintaining a cybersecurity program. It may be necessary to retain a cybersecurity firm.

It is important to note that the safe harbor only provides an affirmative defense-not an absolute immunity- to tort actions. This will not apply to actions arising out of breach of contract, and the business will still need to demonstrate its compliance with its chosen framework.

Also noteworthy is the legislation’s allowance of transactions and contracts via blockchain technology, which allows transactions with cryptocurrencies such as Bitcoin to take place. While not all businesses are comfortable using these technologies, currencies like Bitcoin are increasing in use and popularity due in part to the ability to verify the legitimacy of the transaction. Ohio’s Data Protection Act gives some peace of mind to businesses who have been hesitant to participate in blockchain technology.

Ohio’s Data Protection Act encourages businesses to jumpstart their cybersecurity programs and provides them with the frameworks to do so. While there is certainly an up-front cost to implementing a cybersecurity program, the amount of data and privacy breaches in recent years makes it a worthwhile investment.


For more information on Ohio’s Data Protection Act and Ohio Safe Harbor compliance, contact Chenee Castruita at 614.324.1039 or via email at ccastruita@mrrlaw.com.

 

Chenee M. Castruita Joins MRR’s Columbus Office

Mazanec, Raskin & Ryder Co., L.P.A. (MRR) announced today that Chenee M. Castruita has joined the firm as an associate.

Ms. Castruita focuses her practice in the areas of civil rights and government liability, employment and labor law, and insurance coverage and bad faith claims.

A graduate of The Ohio State University Moritz College of Law, Ms. Castruita is admitted to the bar in three states—Ohio, Kentucky, and West Virginia. She was a member of the Barrister Leadership Program, Class of 2015, of the Columbus Bar Association (CBA) and has also served as a member of the Leadership Program’s Planning Committee. Ms. Castruita is a member of the Ohio State Bar Association, Women Lawyers of Franklin County, and the Chief Justice Thomas J. Moyer American Inn of Court. Active in the community, she is a Columbus affiliate volunteer with the Pancreatic Cancer Action Network and also volunteered with Columbus Sole from 2014 through 2016.

Save