OneBeacon America Insurance v. Urban Outfitters, Inc.

21 F. Supp. 3d 426, 2014 U.S. Dist. LEXIS 67719, 2014 WL 2011494

• Court: District Court, E.D. Pennsylvania
• Decided: May 15, 2014
• Docket: Civil Action No. 13-5269
• Status: Published

Opinion

MEMORANDUM

DALZELL, District Judge.

The parties to this declaratory judgment action filed cross-motions for summary judgment seeking a declaration as to whether OneBeacon America Insurance Company (“OneBeacon”) and The Hanover Insurance Group (properly known as The Hanover Insurance Company and herein “Hanover”) have a duty to defend retailers Urban Outfitters, Inc. and its Anthropolo-gie, Inc. subsidiary (collectively, “Urban Outfitters”) in three putative class-action suits regarding the retailers’ collection of customer ZIP code data in alleged violation of state or local privacy laws.¹

We will grant OneBeacon and Hanover motions for summary judgment for the reasons detailed below and deny Urban Outfitters’ motion for partial summary judgment. For the reasons that follow, we declare that neither insurer has a duty to defend either Urban Outfitters or Anthro-pologie in any of the three class actions at issue here.

I. Factual and Procedural Background

A. The Parties

This insurance dispute arises from Urban Outfitters’ request for defense coverage in three underlying lawsuits alleging that the retailers violated state statutes and common law privacy rights when they gathered personal ZIP code information while processing credit card purchases. Urban Outfitters (“UO”) MSJ at 2. Both retailers are co-defendants in Hancock v. Urban Outfitters, Inc. (“Hancock”)² and Dremak v. Urban Outfitters, Inc. (“Dre-mak”);³ and Urban Outfitters is the sole defendant in a third action, Miller v. Urban Outfitters, Inc. (“Miller”).⁴ Joint Appendix (“JA”), Ex. 1-3.

OneBeacon issued Urban Outfitters a combined commercial general liability (“CGL”) and umbrella policy⁵ for the period July 7, 2008 to July 7, 2009⁶ and an identical policy for July 7, 2009 to July 7, 2010,⁷ under which Urban Outfitters and Anthropologie are named insureds. One-Beacon MSJ at 7. OneBeacon also issued a similar policy for July 7, 2010 to July 7, 2011 which is a “fronting” policy for which Hanover is responsible.⁸ Id. at 8; see also Hanover MSJ at 3.

Separately, Hanover issued Urban Outfitters primary CGL and umbrella policies for the periods July 7, 2011 to July 7, 2012⁹ and July 7, 2012 to July 7, 2013.¹⁰ Hanover MSJ at 3. Urban Outfitters and Anthropologie are named insureds under each of the four policies. JA, Ex. 7-10.

B. The Underlying Actions

1. The Hancock Complaint

Plaintiffs in Hancock assert two statutory causes of actions against Urban Outfitters and Anthropologie. They allege that, since June 21, 2010, the retailers requested and collected customer ZIP codes in violation of the District of Columbia’s Consumer Identification Information law, which provides in relevant part that:

(a) Except as provided in subsection (b) of this section, no person shall, as a condition of accepting a credit card as payment for a sale of goods or services, request or record the address or telephone number of a credit card holder on the credit card transaction form.

(b) A person may record the address or telephone number of a credit card holder if the information is necessary for the shipment, delivery, or installation of consumer goods, or special orders of consumer goods or services.

D.C.Code § 47 — 3153(a)—(b); see JA, Ex. 1, ¶¶ 3, 23, 34.

Pursuant to D.C.Code § 47-3154, any customer whose consumer identification information is obtained in violation of Section 3153 shall be entitled to actual damages or $500, whichever is greater, as well as to injunctive relief. See JA, Ex. 1, ¶ 4.

The plaintiffs also allege that Urban Outfitters knew or should have known that the District of Columbia Protection Act makes it illegal to (1) misrepresent a material fact which has a tendency to mislead; (2) fail to state a material fact if such failure tends to mislead; or (3) use deceptive representations in connection with the sale of consumer goods. Id. at ¶ 5. The plaintiffs allege that requesting credit card holders’ ZIP code information at checkout constitutes misrepresenting a material fact that has a tendency 'to mislead, that is, that the cardholders’ disclosure of a ZIP code was needed to complete the transaction. Id. at ¶ 62. Violation of this statute subjects the violator to treble damages or $1500 per violation, whichever is greater, plus reasonable attorney’s fees, punitive damages and an injunction against further violations, remedies that are cumulative to other penalties. Id. at ¶¶ 6, 58.

The complaint alleges that Urban Outfitters matched the illegally obtained ZIP code information with customers’ names “to identify the customers’ home/business address via commercially available databases.” JA, Ex. 1 at ¶ 2. The complaint further alleges that it is the defendants’ corporate policy to “train and require” their employees to ask credit card customers for their ZIP code information “despite knowing, or being on constructive notice” that this policy violates District of Columbia law. Id. at ¶¶ 66, 67.

On March 14, 2014, the district court for the District of Columbia granted defendants’ motion to dismiss and plaintiffs have filed an appeal with the Court of Appeals for the District of Columbia Circuit.¹¹

2. The Dremak Complaint

The California plaintiffs in this consolidated action also assert a statutory claim. They allege that, since February 15, 2010, Urban Outfitters “systematically and intentionally” violated the Song-Beverly Credit Card Act of 1971 which prohibits the “misuse of personal identification information for ... marketing purposes.” JA Ex. 3, ¶¶ 2, 14. The complaint alleges the retailers violated this Act by requesting personal identification information, including ZIP code information, during credit card transactions, and then recording that information at the electronic point-of-sale register, as a result of which the retailers recorded customers’ name, credit card number and ZIP code information in their electronic databases. Id. at ¶¶ 2, 6-10.

The defendants allegedly used the information collected in the databases — information not required to complete the credit card purchase — to “mine[ ] and index[ ] for their own business purposes, e.g. targeted marketing, and ... also sell the personal information to other businesses.” Id. at ¶¶ 16, 17. Plaintiffs seek penalties, restitution, disgorgement, injunctive relief and attorney’s fees. Id. at 13.

On February 24, 2014 the parties in the underlying California action stipulated to voluntary dismissal of three common law claims for negligence, violation of privacy, and intentional intrusion on seclusion. Id. at ¶¶ 35-41, 53, 56-59; see also Dkt. entries 44 and 45 (OneBeacon and Urban Outfitters’ letters to the Court). The sole remaining count in the underlying case is the statutory claim.

3. The Miller Complaint

Plaintiffs in this Massachusetts class action sued Urban Outfitters alone for allegedly violating a state statute that prohibits unfair and deceptive business practices. JA, Ex. 2 at ¶ 35. They also assert a claim for unjust enrichment. Id. at ¶¶ 44-47. The Miller plaintiffs allege that since August 15, 2009 Urban Outfitters collected and recorded ZIP code information for its own promotional and marketing purposes and used that information, along with the customer’s name, to identify his address and telephone number through publicly available databases. Id. at ¶¶ 15, 24.

The class members allege they were injured when they received Urban Outfitters’ unsolicited promotional and marketing material. Id. at ¶¶ 36, 37. As part of the claimed statutory violation, plaintiffs also allege that Urban Outfitters misappropriated their commercially valuable personal identification information and invaded their privacy, id. at ¶¶ 38, 39, in willful and knowing violation of the state statute. Id. at ¶ 40. They separately alleged unjust enrichment, that is, that defendant Urban Outfitter’s acceptance of the eommereially-valuable personal information was inequitable and requires restitution. Id. at ¶ 47.

Plaintiffs seek actual and statutory damages, double or treble damages, disgorgement of profits attributable to those allegedly unlawful acts, injunctive relief and attorney’s fees. Id. at ¶ 42. In September of 2013, Urban Outfitters removed Miller to the United States District Court for the District of Massachusetts, where discovery is currently underway pursuant to that Court’s scheduling order.¹²

C. Procedural History

OneBeacon filed this coverage action against Urban Outfitters and Anthropolo-gie on September 10, 2013, seeking a declaration that it has no duty to defend or indemnify the defendants in the three ZIP code suits. Urban Outfitters joined Hanover as a third-party defendant on October 25, 2013 seeking coverage from Hanover in those state actions, and amended the complaint on November 15, 2013. Hanover filed an answer and counterclaim to the amended third-party complaint on December 2, 2013 seeking a declaratory judgment that it has no obligation to defend or indemnify the defendants in those underlying state actions.

These motions followed. Urban Outfitters, in its motion for partial summary judgment, seeks a determination that both insurers have a duty to defend the underlying lawsuits. It contends that the underlying actions allege “oral or written publication, in any manner, of material that violates a person’s right of privacy,” triggering coverage under the insurers’ “personal and advertising injury” provisions and that none of the policy exclusion apply as a matter of law. UO MSJ at 3. As a result, it contends that the insurers have a duty to defend in the three underlying actions, a duty that Urban Outfitters asserts they have breached. Id.

Both Hanover and OneBeacon, in their motions for summary judgment, argue that the complaints in the underlying actions allege claims that are either not within the scope of the' policies’ coverage, Hanover MSJ at 2, or fail to allege a covered injury, OneBeacon MSJ at 2. In the alternative, were we to determine that any of the underlying actions assert a claim potentially within the scope of the coverage, both insurers urge that we find the underlying allegations fall within policy exclusions and that as a result they have no duty to defend.

On May 2, 2014, counsel for OneBeacon informed the Court that on February 21, 2014 the Dremak parties in California stipulated to dismissal of all common law claims, leaving only a single statutory claim, and asked us to take judicial notice of that Court’s February 26, 2014 Order dismissing those claims. See Dkt. Entry 44. On May 9, 2014, counsel for Urban Outfitters replied, contending that the dismissal does not affect the insurers’ duty to defend the suit. See Dkt. Entry 45.

We have jurisdiction to hear this case under 28 U.S.C. § 1332 because there is complete diversity between the parties. Urban Outfitters is a Pennsylvania corporation with its principal place of business in Philadelphia, Pennsylvania. OneBeacon Cmplt. at ¶ 4. One Beacon is a Massachusetts corporation with its principal place of business in Minnesota. Id. at ¶ 3. Hanover is a Delaware corporation with its principal place of business in Massachusetts. UO Third Party Cmplt. at ¶ 5.

II. Legal Standards

A. Summary Judgment

Summary judgment is warranted where there is no genuine dispute as to any material fact “and the movant is entitled to judgment as a matter of law.” Fed. R.Civ.P. 56(a). A factual dispute is “genuine” if it turns on “evidence on which the jury could reasonably find for the plaintiff.” Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 252, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986). A fact is “material” if it “might affect the outcome of the suit under the governing law.” Id. at 248, 106 S.Ct. 2505.

The parties agree that Pennsylvania law applies to the interpretation of the insurance contracts.¹³- See UO MSJ at 11; Hanover MSJ at 9; OneBeacon MSJ at 10, 11. It is well-settled in Pennsylvania that the interpretation of an insurance policy is a question of law. Kvaerner Metals Div. of Kvaerner U.S., Inc. v. Commercial Union Ins. Co., 589 Pa. 317, 908 A.2d 888, 897 (2006). “[T]he interpretation of an insurance contract regarding the existence or non-existence of coverage is generally performed by the court.” Nationwide Mut. Ins. Co. v. CPB Int’l, Inc., 562 F.3d 591, 595 (3d Cir.2009) (summarizing Pennsylvania law) (internal quotation marks omitted).

B. The Insurers' Duty to Defend

Parties to an insurance contract may invoke the Declaratory Judgments Act to interpret their obligations under an insurance contract, including whether an insurer has a duty to defend. General Accident Ins. Co. v. Allen, 547 Pa. 693, 692 A.2d 1089, 1095 (1997). “[The] first step in a declaratory judgment action concerning insurance coverage is to determine the scope of the policy’s coverage. After determining the scope of coverage, the court must examine the complaint in the underlying action to ascertain if it triggers coverage.” Id. (internal citations omitted). The duty to defend is separate from and broader than the duty to indemnify, but both duties “flow from a determination that the complaint triggers coverage.” Kvaerner, 908 A.2d at 896 n. 7 (citing Allen, 692 A.2d at 1095).

It is well-established that an insurer’s duties under an insurance policy are triggered by the language of the complaint against the insured, not by the cause of action pled. Kvaerner, 908 A.2d at 896; see also Mutual Benefit Ins. Co. v. Haver, 555 Pa. 534, 725 A.2d 743, 745 (1999) (“[T]o allow the manner in which the complainant frames the request for redress to control in a case ... would encourage litigation through the use of artful pleadings designed to avoid exclusions in liability insurance policies.”).

Pennsylvania courts have long held that the duty to defend arises whenever claims in the underlying complaint could “potentially” come within the scope of coverage. See, e.g., Erie Ins. Exch. v. Claypoole, 449 Pa.Super. 142, 673 A.2d 348, 356 (1996) (cited in Frog, Switch & Mfg. Co., Inc. v. Travelers Ins. Co., 193 F.3d 742, 746 (3d Cir.1999)). “[I]f a single claim in a multi-claim lawsuit is potentially covered, an insurer must defend against all claims until it is clear that the underlying plaintiff cannot recover on any claim.” Indalex Inc. v. Nat'l Union Fire Ins. Co. of Pittsburgh, PA, 83 A.3d 418, 421 (Pa.Super.2013) (internal citation omitted). As the Pennsylvania Superior Court held in D’Auria v. Zurich Ins. Co., 352 Pa.Super. 231, 507 A.2d 857 (1986) “It does not matter if in reality the facts are completely groundless, false or fraudulent. It is the face of the complaint and not the truth of the facts alleged therein which determines whether there is a duty to defend.” Id. at 859. In short, the court determining the existence of a duty to defend must take as true the factual allegations of the underlying complaint and “liberally construe [them] in favor of the insured.” Frog, 193 F.3d at 746.

Pennsylvania law obliges us to look first at the terms of the policy. “When the language of the policy is clear and unambiguous, we must give effect to that language,” Kvaerner, 908 A.2d at 897 (internal quotation omitted). Ambiguous provisions are to be construed in favor of the insured to further the contract’s primary purpose of indemnity. Id. It is the insured’s burden to establish coverage under the policy. See Erie Ins. Exch. v. Transamerica Ins. Co., 516 Pa. 574, 533 A.2d 1363, 1366-67 (1987).

C. The Policies At Issue

1. The OneBeacon Policies

The provision at issue is the Coverage B language for the CGL portion of the 2008-2009 Policy, which is identical in the 2009-2010 and 2010-2011 Policies (for which Hanover is responsible), which state in pertinent part:

a. We will pay those sums that the insured becomes legally obligated to pay as damages because of “personal and advertising injury” to which this insurance applies....

b. This insurance applies to “personal and advertising injury” caused by an offense arising out of your business but only if the offense was committed in the “coverage territory” during the policy period.

JA, Ex. 4 at 62; Ex. 5 at 122.

“Personal and advertising injury” is defined in part as an injury arising out of “[o]ral or written publication of material that violates a person’s right of privacy.” Id., Ex. 4 at 80; Ex. 5 at 132.

The Coverage B insuring agreement of the umbrella portion of the policies — again, identical in both periods for which One-Beacon is the insurer — states in part that:

a. We will pay on behalf of the insured the “Ultimate Net Loss” in excess of the “retained limit” because of “personal and advertising injury” to which this insurance applies....

We will have right and duty to defend the insured against any “suit” seeking damages for such “personal and advertising injury”, but:

(3) Our duty to defend applies only to “suits” not covered by any “Underlying Insurance” shown in the Umbrella Declarations or by any other insurance or ... when the limits of “Underlying Insurance” have been exhausted;

b. This insurance applies to “personal and advertising injury” caused by an offense arising out of your business, but only if the offense was committed in the “coverage territory” during the policy period.

Id., Ex. 4 at 90; Ex. 5 at 140.

Both the CGL and umbrella portions of both policies exclude coverage under a Recording or Distribution of Material or Information exclusion for “ ‘[personal and advertising injury’ arising directly or indirectly out of any action or omission that violates or is alleged to violate ... [a]ny statute, ordinance or regulation ... that [addresses,] prohibits or limits the ... [dissemination ..., collecting, recording,] sending, transmitting, communicating or distribution of material or information.” Id., Ex. 4 at 72, 103; Ex. 5 at 133, 153 (amended to include the bracketed terms as indicated above).

The policies also exclude coverage for “Knowing Violation of Rights of Another” where “ ‘[personal and advertising injury’ caused by or at the direction of the insured with the knowledge that the act would violate the rights of another and would inflict ‘personal and advertising injury.’ ” Ex. 4 at 62, 90; Ex. 5 at 122, 140.

2. The Hanover Policies

Each of the Hanover primary policies, similarly, has a Coverage B section for “personal and advertising injury,” which provide in identical terms that

We will pay those sums that the insured becomes legally obligated to pay as damages because of “personal and advertising injury” to which this insurance applies. We will have the right and duty to defend the insured against any “suit” seeking those damages. However, we will have no duty to defend the insured against any “suit” seeking damages for “personal and advertising injury” to which this insurance does not apply.

Ex. 6 at 180; Ex. 7 at 239; Ex. 8 at 279.

Hanover’s umbrella policies also provide coverage for “personal and advertising injury” under identical terms:

We will pay on behalf of the insured the “ultimate net loss” in excess of the “retained limit” because of “personal and advertising injury” to which this insurance applies. We will have the right and duty to defend the insured against any “suit” seeking damages for such “personal and advertising injury” when the “underlying insurance” does not provide coverage or the limits of “underlying insurance” have been exhausted.

Ex. 9 at 309; Ex. 10 at 335. The umbrella liability section of the “fronting” policy has a similar provision, see Ex. 6 at 207. Hanover points out that “ultimate net loss” is defined slightly differently in the fronting policy and the two umbrella policies, but that in each the term is ultimately defined as the total amount of “damages” that the insured becomes legally liable to pay. Hanover MSJ at 4; see also Ex. 6 at 218-19; Ex. 9 at 320; Ex. 10 at 346.

The policies define a “personal and advertising injury” to include “[o]ral or written publication, [in any manner], of material that violates a person’s right of privacy.” Ex. 6 at 192, 217 (omitting the language “in any manner” contained in other policies); Ex. 7 at 250; Ex. 8 at 290; Ex. 9 at 318; Ex. 10 at 344.

Like the OneBeacon policies, the Hanover policies have several relevant exclusions.

First, the policies all exclude coverage for alleged statutory violations. The 2011-2012 Umbrella Policy, under an exclusion entitled “Distribution of Material in Violation of Statutes”, offers no coverage for “ ‘[p]ersonal and advertising injury’ arising directly or indirectly out of any action or omission that violates or is alleged to violate ... [a]ny statute, ordinance or regulation ... that prohibits or limits the sending, transmitting, communicating, or distribution of material or information.” Ex. 9 at 321. The other policies, under a “Recording and Distribution of Material in Violation of Law” exclusion, eliminate coverage for

‘Personal and advertising injury’ arising directly or indirectly out of any action or omission that violates or is alleged to violate ... [a]ny federal, state or local statute, ordinance or regulation ... that addresses, prohibits or limits the printing, dissemination, disposal, collecting, recording, sending, transmitting, communicating or distribution of material or information.

Ex. 6 at 191 and 220; Ex. 7 at 251; Ex. 8 at 291; Ex. 10 at 347.

Second, each policy has an exclusion for “Material Published Prior To Policy Period”, also known as a Prior Period Publication exclusion, which excludes coverage for personal and advertising injuries “arising out of oral or written publication of material whose first publication took place before the beginning of the policy period.” Ex. 6 at 180 and 207; Ex. 7 at 239; Ex. 8 at 279; Ex. 9 at 309; Ex. 10 at 335.

III. Discussion

A. The Hancock Action

The Hancock complaint alleges that on three occasions Urban Outfitters and/or Anthropologie collected customers’ ZIP code information, which was then entered into the store’s point-of-sale register system, which was connected by a digital subscriber line to the retailer’s home office. JA, Ex. 1 at ¶¶ 21, 23-39. The complaint also alleges that the retailers can use the ZIP code information, which is part of the consumer’s address, “for their own pecuniary benefit, including by engaging in direct marketing campaigns without customers’ permission.” Id. at ¶¶ 2, 49. As stated above, the plaintiffs allege the ZIP code collection violated two District of Columbia statutory bans, one having to do with (1) requesting or recording credit card holders’ address or telephone number as a condition of purchase, and another (2) misrepresenting a material fact that has a tendency to mislead by asking customers for information that was optional. Id. at ¶¶ 50-52, 56, 62.

Urban Outfitters contends that “personal and advertising injury” coverage is triggered in this action because the complaint alleges “oral or written publication, in any manner, of material that violates a person’s right of privacy.” UO MSJ at 14. Urban Outfitters also argues that the qualifier “in any manner” should result in a more expansive definition of “publication” in those policies containing that language. Id. at 16.

Both Hanover and OneBeacon contend, inter alia, that there is no coverage under the “personal and advertising injury” provision because the Hancock complaint does not allege “publication”. Hanover MSJ at 11, OneBeacon MSJ at 14.

The cases Urban Outfitters cite are in-apposite to the allegations here. These cases apply other jurisdictions’ law,¹⁴ or rely on policy provisions different from those present here,¹⁵ or find that certain forms of advertising constitute “publication” within the policy definition.¹⁶ We are unpersuaded that any of these cases has any bearing on the allegations in the Hancock complaint.

We agree with Hanover and One-Beacon that the Hancock plaintiffs do not allege “publication” within the meaning of Pennsylvania law. The Hanover and One-Beacon policies do not define “publication”, nor has the Pennsylvania Supreme Court held how “publication” should be construed. But Pennsylvania law does offer us two guideposts. First, the Pennsylvania Superior Court teaches that “[w]hen interpreting the language of an insurance policy, the words must be construed in their natural, plain and ordinary sense.” Tyler v. Motorists Mut. Ins. Co., 779 A.2d 528, 531 (Pa.Super.2001) (internal citation omitted) (cited in Whole Enchilada, Inc. v. Travelers Property Cas. Co. of America, 581 F.Supp.2d 677, 697 (W.D.Pa.2008)).

When the term is not defined, the Court may refer to the dictionary definition of the word. Tyler, 779 A.2d at 531. In Whole Enchilada, where the insured sought coverage for an alleged Fair and Accurate Credit Transactions Act violation, the court relied on dictionary definitions to find that there was no “publication” within the meaning of the insurance policy because information was exchanged only between the insured and its customer. Whole Enchilada, 581 F.Supp.2d at 697. We go down the same path to arrive at the same conclusion. Black’s Law Dictionary defines publication generally as “the act of declaring or announcing to the public.” Black’s, 1348 9th ed.2009. Merriam-Webster defines publication as:

(a) the act or process of producing a book, magazine, etc., and making it available to the public;

(b) a book, magazine, etc., that has been printed and made available to the public; or

(c) the act of printing something (such as an article or photograph) in a magazine, newspaper, etc.

Merriam-Webster Dictionary, online ed. (2014), http://www.merriam-webster.com/ dictionary/publication (last accessed May 12, 2014). Our dictionary of choice likewise makes clear that promulgation to the public, even to a limited number of people, is the essence of publication. XII The Oxford English Dictionary 782 (2nd ed.1989).

Second, under Pennsylvania law, “publication” in connection with a claim of invasion of privacy requires that “the matter [be] made public by communicating it to the public at large, or to so many persons that the matter must be regarded as substantially certain to become one of public knowledge.” Harris by Harris v. Easton Publishing Co., 335 Pa.Super. 141, 483 A.2d 1377, 1384 (1984).

The Hancock plaintiffs make no such allegation. Rather, they allege only that the retailers used their ZIP code information “to determine their home or business addresses,” where “[defendants sent unsolicited mailings or other material.” JA, Ex. 1 at ¶ 44(d)(v) and (vi). Although the complaint stated that the retailers could identify customers’ home or business addresses “by matching the customers’ names with their ZIP codes ... via commercially available databases,” id. at ¶2, that claim notably does not allege that the information gathered from Urban Outfitters customers was publicly disseminated.

Because we hold that Urban Outfitters’ actions alleged in the Hancock complaint do not constitute “publication” within the policy’s definition of “personal and advertising injury,” we need not reach the question of whether the ZIP code data collection violated any person’s “right to privacy” in order to conclude that the retailers’ actions fall outside the scope of the OneBeacon and Hanover policies’ respective coverage.

B. The Dremak Action

The Dremak plaintiffs allege that on at least eight occasions cashiers at Urban Outfitters or Anthropologie entered customer ZIP code information into the electronic point of sale register before completing a credit card transaction. JA, Ex. 3 at ¶¶ 6-10. In the original complaint, plaintiffs alleged four causes of action: (1) violation of a state consumer protection law for requesting, collecting and recording ZIP code information, id. at ¶¶ 1, 3; (2) negligence, for disseminating that information, without customers’ consent, to other vendors and retailers for marketing purposes, id. at ¶¶ 35-37, 39-41; (3) violation of privacy rights, for disseminating plaintiffs’ private home addresses without their consent, putting them at risk for harassment, fraud and identity theft, id. at ¶¶ 49-53; and (4) intentional intrusion upon seclusion for using the ZIP code collection to obtain customers’ home addresses without disclosing this intent, and to use this unlawfully obtained data for the retailers’ own profit, id. at ¶¶ 56-60.

On May 2, 2014, counsel for OneBeacon informed the Court on its behalf and that of Hanover that on February 21, 2014 the parties in Dremak stipulated to voluntarily dismissal of all common law claims, which the California court did by Order five days later. See Dkt. entry # 44. The insurers, arguing that the February 26 Order has a direct bearing on their defense obligations because it narrows the scope of the Dre-mak litigation, jointly requested that we take judicial notice of the Order, which was attached to the submission. Id. at 1.

On May 9, 2014, counsel for Urban Outfitters responded, stating in relevant part that the factual allegations of the complaint state a cause of action for common law invasion of privacy that falls within the insurance coverage of the OneBeacon and Hanover policies. See Dkt. entry # 45 at 3. Urban Outfitters further cite to specific allegations within the complaint in support of its contention. Id. at 3, 4.

“The court may judicially, notice a fact that is not subject to reasonable dispute because it ... can be accurately and readily determined from sources whose accuracy cannot reasonably be questioned.” Fed. R. Evid. 201(b)(2). We may take judicial notice upon a party’s request at any stage of the proceeding if supplied with the necessary information. Fed. R.Evid. 201(c)(2) and (d). Accordingly, we take judicial notice that the California court has dismissed all counts, except for the statutory claim, in Dremak.

We now address the remaining allegations. The Dremak plaintiffs allege that the retailers violated the Song-Beverly Credit Card Act of 1971. Under that statute, businesses may not

Request or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.

For purposes of this section “personal identification information,” means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.

CaLCode § 1747.08(a)(2) and (b). The complaint alleges credit card holders’ ZIP codes can be used by a merchant “to determine the customer’s personal identification information, such as full addresses, which [the merchant] may then use for [its] own marketing-related purposes or sell to third parties.” JA, Ex. 3 at ¶ 1. “There is no legitimate need for defendants [Urban Outfitters and Anthropolo-gie] to collect a credit card customer’s personal identification information in order to complete the credit card transaction. Defendants then use the unlawfully collected personal identification information for business-related purposes.” Id. at ¶2. Plaintiffs further allege that a ZIP code, which defendants intentionally requested during credit card transactions in their stores, constitutes “personal identification information” as defined in the statute. Id. at ¶¶ 29-32.¹⁷

The Dremak plaintiffs also allege that Urban Outfitters collected the ZIP code information on its own electronic databases for “targeted marketing” and “may sell” the information to other businesses. Id. at ¶ 17. They further allege that Urban Outfitters shared the ZIP code information with third parties (including vendors and retailers) or sold it to them for marketing purposes, without informing the customers. Id. at ¶¶ 36, 39, 41.

Urban Outfitters urges that the Dremak allegations support a recovery for invasion of privacy. UO MSJ at 20; see also Dkt. entry # 45 at 4. OneBeacon and Hanover respond that the complaint does not allege an invasion of privacy within the insurance policy’s meaning and that the complaint fails to allege publication or damages. On-eBeacon MSJ at 16, 17; Hanover MSJ at 20-23.

We find the allegation that Urban Outfitters disseminated information broadly to third parties, although generalized, suffices to fall within Pennsylvania’s definition of “publication” in the context of an invasion of privacy claim, because plaintiffs allege communication to so many people that the matter must be regarded as likely to become public knowledge. See Harris, 483 A.2d at 1384.

An action for invasion of privacy under Pennsylvania law is comprised of four analytically distinct torts: 1) intrusion upon seclusion, 2) appropriation of name or likeness, 3) publicity given to private life or the right to secrecy, and 4) publicity placing a person in a false light, including intrusion upon seclusion and publicity given to private life. See Marks v. Bell Tel. Co. of Pa., 460 Pa. 73, 331 A.2d 424, 430 (1975) (internal citations omitted); see also Melrose Hotel Co. v. St. Paul Fire and Marine Ins. Co., 432 F.Supp.2d 488 (E.D.Pa.2006) (Schiller, J.). Pennsylvania courts recognize that the privacy right protected under an “advertising injury” clause is the right to secrecy. Telecom. Network Design v. Brethren Mut. Ins. Co., 5 A.3d 331, 337 (Pa.Super.2010); cf. Melrose, 432 F.Supp.2d at 502 (“the focus [of those provisions] is on the content of the message.”)

The insurers contend that the Dremak plaintiffs do not allege a violation of publicity given to private life, OneBeacon MSJ at 17, but rather “to the extent the plaintiffs do complain about privacy concerns, these complaints focus on the right to seclusion,” Hanover MSJ at 21. OneBeacon also asserts that ZIP code information is not private. OneBeacon MSJ at 16-17. The insurers rely on Telecom. Network Design and Melrose, two cases where insureds sought coverage for violating a statute banning mass faxes. In both cases, the court found that the intrusiveness of the faxes violated “one’s right to be left alone ... [which] is not the privacy interest addressed and covered by the ‘advertising injury’ clause of the policies.” Telecom. Network Design, 5 A.3d at 337 (citing Melrose, 432 F.Supp.2d at 502).

The insurers’ reliance on those cases is misplaced. We disagree with their reasoning because we find that the Dremak allegations turn on the private nature of the plaintiffs’ ZIP code. See, e.g., JA, Ex. 3 at ¶¶ 39, 40 (defendants failed to inform customers they would disseminate their personal identification information to third parties and failed to get informed consent to do so). In 2011, the California Supreme Court examined whether a business’s request and collection of ZIP code data violated the Song-Beverly Act and concluded, “In light of the statute’s plain language, protective purpose, and legislative history, we conclude that a ZIP code constitutes ‘personal identification information’ as that phrase is used” in the statute and “[t]hus, requesting and recording a cardholder’s ZIP code, without more, violates the Credit Card Act.” Big 5 Sporting Goods Corp. v. Zurich American Ins. Co., 957 F.Supp.2d 1135, 1138 (C.D.Cal.2013) (quoting Pineda v. Williams-Sonoma Stores, Inc., 51 Cal.4th 524, 120 Cal.Rptr.3d 531, 246 P.3d 612, 614 (2011)).¹⁸ As such, the Dremak plaintiffs plainly allege a privacy violation within the scope of the “personal and advertising injury” policy provision.

Both insurers argue that, because Dremak alleges a statutory violation, it falls under certain policy exclusions in each of the policy periods. Hanover MSJ at 23; OneBeacon MSJ at 20. When an insurer relies on a policy exclusion to deny coverage and refuse to defend, the insurer has asserted an affirmative defense and, accordingly, bears the burden of proving such defense. See Erie Ins. Exch., 533 A.2d at 1363 (internal citation omitted).

The provisions at issue for OneBeacon are the “Recording and Distribution of Material or Information in Violation of Law Exclusions” in its 2009-2010 CGL and umbrella policy, which exclude, in identical terms

“Personal and advertising injury” arising directly or indirectly out of any action or omission that violates or is alleged to violate ... [any] statute, ordinance or regulation ... that addresses, prohibits or limits the ... dissemination, ... collecting, recording, sending, transmitting, communicating or distribution of material or information.

See JA, Ex. 5 at 133, 153; Ex. 6 at 191, 220 (the “fronting” policy for which Hanover is responsible). Hanover’s CGL policies have the identical exclusion under a different heading. JA, Ex. 7 at 251; Ex. 8 at 291.

The language of the exclusion, which bars collecting and recording information, is consonant with the Song-Beverly prohibition against “requesting], require[ing]” or “recording]” ZIP code data as a condition of purchase. Accordingly, we find that because- the Dremak allegations arise out of the alleged violation of the statutory right to privacy that prohibits collecting or recording information, the exclusions bar coverage under the policies.

C. The Miller Action

The Miller plaintiffs allege that Urban Outfitters violated a state statute and invaded their privacy by recording ZIP code information and using that data for its own marketing and promotions — including sending junk mail to the plaintiffs. JA, Ex. 2 at ¶¶ 1, 15-17. They also allege damages from the loss of the commercial value of that data and seek restitution for its misappropriation. Id. at ¶¶ 45-47.

The statute at issue in the Massachusetts action is similar to the California Song-Beverly Act and states in relevant part:

No person, firm, partnership, corporation or other business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form. Personal identification information shall include, but shall not be limited to, a credit card holder’s address or telephone number.

G.L. c. 93, § 105(a). And, as with the California statute, the Massachusetts Supreme Judicial Court held, on a question certified by the United States District Court for the District of Massachusetts, that a ZIP code is “personal identification information” within the meaning of the state statute. Tyler v. Michaels Stores, Inc., 464 Mass. 492, 984 N.E.2d 737, 747 (2013).

But the nature of the privacy violation alleged in Miller is quite different from that in Dremak, where the California plaintiffs alleged a privacy right violation because their personal ZIP code data was disseminated to third parties. In Miller, the Massachusetts plaintiffs allege that Urban Outfitters collected ZIP code information “to identify the customer’s address ... through the use of publicly available databases ... to send unsolicited marketing and promotional materials, or ‘junk mail,’ to customers.” JA, Ex. 2 at ¶¶ 15, 16. Plaintiffs allege they suffered an injury “by receiving” this junk mail, which they characterized as a “breach of their privacy.” Id. at ¶¶ 18, 19.

These allegations are akin to those in Telecom. Network Design and Melrose. In Melrose, recipients of a faxed mass promotional campaign sued,- alleging the unsolicited faxes violated the Telephone Consumer Protection Act (“TCPA”). Melrose, 432 F.Supp.2d at 490. After the parties settled, the Melrose Hotel Company sought coverage from its insurance carrier under the “advertising injury” provision in connection with that litigation. Id. at 491. The Court concluded that, while the TCPA intended to protect privacy, the policy “clearly confines the term ‘privacy’ to interests in secrecy,” id. at 501, not intrusions upon seclusion such as plaintiffs alleged in Miller.¹⁹

The Pennsylvania Superior Court, relying on Melrose, came to an identical conclusion in Telecom. Network Design. There, a lawsuit by recipients of an insured’s faxed mass advertising similarly alleged a TCPA violation. After reviewing the relevant portions of the policies, the Superior Court concluded that when “the term is read within the context of the policies, it is clear ... that the term ‘privacy’ is confined to secrecy interests.” Telecom. Network Design, 5 A.3d at 337.

Accordingly, because we find that the Miller plaintiffs allege they receive unsolicited junk mail that breached their privacy, we conclude that neither the OneBea-con nor Hanover policies provide defense coverage for the violations alleged in the Miller complaint.

IV. Conclusion

For the reasons stated above, we will grant OneBeacon and Hanover’s motions for summary judgment and deny Urban Outfitters’ motion for partial summary judgment. Specifically, we declare that neither OneBeacon nor Hanover has a duty to defend Urban Outfitters or An-thropologie in any of the three class action lawsuits considered above.

ORDER

AND NOW, this 15th day of May, 2014, upon consideration of OneBeacon America Insurance Company’s (“OneBeacon”) motion for summary judgment (docket entry # 38), The Hanover Insurance Group’s (“Hanover”)²⁰ motion for summary judgment (docket entry # 36), and the motion for partial summary judgment filed by Urban Outfitters, Inc. and Anthropologie, Inc. (collectively, “Urban Outfitters”) (docket entry # 35), and the parties’ responses in opposition thereto, and for the reasons articulated in the accompanying Memorandum, it is hereby ORDERED that:

1. OneBeacon’s motion for summary judgment is GRANTED;

2. Hanover’s motion for summary judgment is GRANTED;

3. Urban Outfitters’ motion for partial summary judgment is DENIED;

4. The Court DECLARES that neither OneBeacon nor Hanover has a duty to defend Urban Outfitters in the three state class actions at issue; and

5. The Clerk of Court shall CLOSE this case statistically.

1 . ZIP, the system of postal codes that the United States Postal Service introduced in 1963, is an acronym for Zone Improvement Plan and is properly written in capital letters, as the parties have done here. See http:// www.postalmuseum.si.edu/zipcodecampaign (last accessed May 7, 2014).

2 . No. 13:939 (D.D.C.).

3 . No. 37-2011-00085814-CU-BT-CTL (Super. Ct., San Diego County).

4 . No. 13-2955 (Super. Ct. Mass, Suffolk County), since removed to the District of Massachusetts.

5 . A commercial general liability policy is a broad and flexible form of business insurance. Primary insurance is insurance coverage that takes precedence when more than one policy covers the same loss. An umbrella policy, also called an excess policy, covers liability of a commercial venture above a stated amount in the basic policy the primary insurer issued. Nat’l Assoc, of Ins. Comm'rs, Glossary of Insurance Terms, http://www.naic.org/ consumer_glossary.htm (last accessed May 9, 2014).

Neither insurer disputes Urban Outfitters' general description of the interplay between the primary CGL and the umbrella aspects of the Hanover and OneBeacon policies. That is, that in each combined policy the umbrella policy "drops down” to provide primary coverage if the primary policy does not provide a duty to defend. UO MSJ at 13, 14. See also Resnick v. Chubb Corp., 74 Fed.Appx. 216, 220-21 (3d Cir.2003) ("[A]n umbrella policy generally provides two types of coverage: excess coverage and, when broader than the underlying policy, primary coverage. An umbrella policy provides standard excess insurance coverage that applies after a predetermined amount of primary coverage is exhausted. Additionally, an umbrella policy can provide broader coverage than the underlying policy, meaning that the umbrella policy will "drop down” to provide primary coverage.”) (Internal citation omitted).

6 . Policy 714-00-72-70-002. JA, Ex. 4 (the “2008-2009 Policy”).

7 . Policy 714-00-72-70-003. JA, Ex. 5 (the "2009-2010 Policy”).

8 . Policy 710-02-98-44-000, JA, Ex. 6 (the “2010-2011 Policy”).

9 . Policy RHY 9200550-00, JA, Ex. 7 (the "2011-2012 Policy") and Policy UHY 9200555 00, JA, Ex. 9 (the "2011-2012 Umbrella Policy").

10 . Policy RHY 9200550-01, JA, Ex. 8 (the "2012-2013 Policy”) and Policy UHY 9200555 01, JA, Ex. 10 (the "2012-2013 Umbrella Policy”).

11 . See docket number l:13-cv-939-BAH in the U.S. District Court for the District of Columbia. None of the parties bothered to inform this Court of the procedural developments in this case.

12 . See docket number l:13-cv-12276-DPW in the U.S. District Court for the District of Massachusetts. Again, none of the parties troubled themselves to inform us of the procedural developments in this case.

13 . In a footnote in its motion for partial summary judgment, Urban Outfitters states that it “reserves the right to assert that another jurisdiction’s law applies if facts or discovery lead to that conclusion.’’ UO MSJ at 11 n. 4.

Not quite: once the Court adopts a choice of law rule, as we do here, choice of law is settled under the "law of the case” doctrine and will not be revisited absent extraordinary circumstances. Public Interest Research Group of New Jersey, Inc. v. Magnesium Elektron, Inc., 123 F.3d 111, 116 (3d Cir.1997).

14 . See e.g., Pietras v. Sentry Ins. Co., 2007 WL 715759 at *3 (N.D.Ill. Mar. 6, 2007) (citing cases that hold "advertising injury” is defined as '.'written ... publication ... of material that violates a person's right of privacy” as a matter of Illinois law).

15 . See, e.g., Melrose Hotel Co. v. St. Paul Fire and Marine Ins. Co., 432 F.Supp.2d 488, 501 (E.D.Pa.2006) (Schiller, L) (where the policy defines an "advertising injury offense,” inter alia, as "making known to any person ... covered material that violates a person's right to privacy”).

16 .See, e.g., Hanover Ins. Co. v. Urban Outfitters, 2013 WL 4433440 (E.D.Pa. Aug. 19, 2013) (O’Neill, J.) (holding that advertising online and in catalogues constitutes publication within the meaning of the insurer's policy).

17 . The complaint also states that retailers acquire such information “to build mailing and telephone lists which they can subsequently use for their own in-house marketing efforts, or sell to direct-mail or tele-marketing specialists, or to others.” JA, Ex. 3 at ¶ 15. Urban Outfitters argues this allegation refers to its own efforts. As the complaint cites to the statute’s legislative history in 1990 for this description, it plainly does not.

18 . “The legislative history of the Song-Beverly Act illustrates that the Act created a new statutory right of privacy in 1991 that previously did not exist at common law ... [PJrior to the 1991 addition to the Song-Beverly Act, there was no common law invasion of privacy right that prevented businesses from requiring customers to provide 'personal identification information,' including their [ZIP] codes, in connection with credit card transaction.” Big 5 Sporting Goods Corp. v. Zurich American Ins. Co., 957 F.Supp.2d 1135, 1150-51 (C.D.Cal.2013).

19 . Plaintiffs in Miller also alleged that Urban Outfitters “has the ability to sell the ZIP code information it collects ... to third parties for a profit.” JA Ex. 2, ¶ 17. This speculative allegation falls far short of an allegation of "publication” within Pennsylvania law.

20 . This entity is properly known as The Hanover Insurance Company.