By Travis Toemoe, Peter Yeldham and Alexa Milosevic. King & Wood Mallesons’ Sydney office

toemoe_tDefining what is and what isn’t “tangible property” should be easy. Right? There are a plethora of accepted definitions about tangible property being something that can be touched, perceived or held. Take, for example, flipping a coin. The outcome is binary, that is, something is either tangible or it isn’t. But if your business is heavily invested in protecting its data, you might want to flip the coin again.

It is not uncommon for insurance policies to stipulate that the insurer will pay damages arising from “property damage”, or provide a sub-limit on recovery for damage to property. Property damage usually refers to some form of physical damage to, or loss of, or destruction of “tangible property”. As ever, the law in this area has been slow to keep up with advances in technology. Whether data or electronic information can be considered “tangible property” (and therefore insured property) poses an important question for insurers and policyholders alike. Put simply, is your data insured or not?

What is “tangible property”?

The term data itself has a broad meaning. Nevertheless, the question whether data is “tangible property” has not been directly considered within Australia, and there are a number of conflicting views emanating from America, UK, and New Zealand. The judicial discourse in these states focuses largely on the physical manifestation or corporeal element of the data. Conventionally, for something to be considered tangible property, it is (in the words of an accepted legal dictionary):

“property that has a physical form and substance and is not intangible. That which may be felt or touched, and is necessarily corporeal, although it may be either real or personal (eg ring or watch).”

With little judicial dishonesty, the Courts have been able to apply this concept readily. A number of overseas courts have rejected coverage for property damage on the basis that data on a computer disk, or sent by fax machine, telephone or computer, or in electronic form, is not tangible property. A common thread is that the computer or device is tangible as it can be touched, but “[a]lone, computer data cannot be touched, held, or sensed by the human mind; it has no physical substance. It is not tangible property.”

The emphasis on physical form of tangible property has divided courts. For example, in a case before the Louisiana Court of Appeal, the Court classified computer software as tangible property, stating that:

“When stored on magnetic tape, disc, or computer chip, this software, or set of instructions, is physically manifested in machine readable form by arranging electrons, by use of an electric current, to create either a magnetised or unmagnetised space.”

In contrast to this, other cases have held that software constitutes “intangible instructions” being “no more than ideas expressed in logical form” where there is no physical manifestation. With continued moves toward cloud computing, the issue perhaps is only going to become murkier.

An easy example of the case for excluding data from any characterisation as “tangible property” comes from a case before the High Court of New Zealand which considered whether computer software came within the definition of “tangible property” for the purposes of the Tax Administration Act 1994 (NZ). Unlike the Louisiana Court of Appeal, which gave “tangible” a wider meaning beyond the ordinary English meaning of the word, the High Court of New Zealand adopted a narrower construction of “tangible” as simply being able to be touched”. On this basis, it was held that software could not be touched and was therefore intangible.

The case for expanding tangible property to include data

In an era where cyber-crime and breaches in data security have become a real threat for firms and the losses which could potentially flow from a loss of data are significant, it is not inconceivable that damage to data could, in certain circumstances be classified as damage to physical property.

The focus on the physical element of tangible property has generally been to the exclusion of other elements of tangibility, for example, the necessary exclusion of “intangible property”. Intangible property is defined as property that has no intrinsic and marketable value, but is merely the representative or evidence of value, such as certificates of deposit, bonds, promissory notes, copyrights and franchises. It is difficult to see how in this day and age of “big data” that data has no intrinsic value.

Expanding the scope of “tangible property” beyond the sole consideration of physicality has been considered in case law concerning similar digital property. Web pages and domain names have been held to be tangible property. In these examples, the Courts have considered that the ability of authorised users to alter the content on web pages, and physically restrict access to web pages and domain names by use of security measures, is an element of “tangible property”. Access to computer data can equally be restricted by the use of passwords and other security measures.

Take for example, a paper document with valuable information on it. It is uncontroversial that the document (and the data on it) is tangible. Why should that possibly change once that same data and information has been scanned and saved to a computer system becoming an electronic file. That file takes up space on a hard drive (somewhere), can be touched with a mouse or manipulated by hand on a tablet. It can be edited, emailed, deleted or copied – all of which are manifestly physical acts. In this sense, the traditional definitions of “tangible property” can be used against the orthodoxy of some Courts and insurers.

What does this mean for your business?

Given the potential uncertainty surrounding the tangibility of data, a lack of guiding Australian authority on the matter, and conflicting authority from other jurisdictions, parties to insurance contracts should consider whether policies relating to property damage or loss to property, covers or excludes data. Insurers and policyholders might want to ensure that the position is expressly stated for certainty.