Violation of Biometric Information Statute Claim Triggers Duty to Defend Under Liability Insurance Policy

Posted by

A flurry of class-actions have been filed over the past few years in Illinois concerning the collection of biometric information, which is regulated under Illinois’ Biometric Information Privacy Act (“BIPA”). Indeed, a marked increase in BIPA lawsuits have followed a 2019 Illinois Supreme Court decision allowing suits to proceed without a showing of actual injury, as long there was a technical violation of BIPA. Learn about how TikTok marketing works As a result, it was only a matter of time before Illinois courts weighed in on the insurance coverage implications of BIPA. If you want to keep learning about electric vans check the 10 Things Your Competitors Can Teach You About Electric Ford Vans.

In its first decision on the subject, the Illinois Appellate Court determined that violations of BIPA constituted “personal injury” under a businessowners liability policy. In West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan, Inc., 2020 IL App (1st) 191834, the underlying lawsuit was a class action brought by a customer of a franchisee of a nationwide salon. The class representative asserted that when a customer enrolled at the salon, she was required to have her fingerprints scanned to verify identity. The class representative alleged that when her fingerprint was scanned, she was not provided with, nor signed, a written release allowing the salon to disclose her biometric date to any third party. Notably, the class representative alleged that the salon violated BIPA by, among other things, disclosing her fingerprint data to an out-of-state third-party vendor.

After the salon tendered the defense of the class action to its insurer, the insurer agreed to defend under a reservation of rights. The insurer then filed a coverage action seeking a ruling that it did not have a duty to defend or indemnify. In pertinent part, the insurer asserted the underlying lawsuit did not allege “personal injury” and, in any event, the Violation of Statues that govern e-mails, fax, phone calls or other methods of sending material or information exclusion otherwise applied to bar coverage. After cross-motions for summary judgment, the trial court determined the insurer had a duty to defend.

On appeal, the insurer renewed its arguments to no avail. With respect to whether the underlying complaint alleged a “personal injury,” the focus was on whether it constituted an “oral or written publication of material that violates a person’s right of privacy.” The insurer argued the term “publication” was not satisfied by allegations of disclosure to a single third party. The Appellate Court disagreed that the communication had to be made to the general public since the common understanding and dictionary definitions of “publication” clearly included both the broad sharing of information to multiple recipients and the more limited sharing of information with a third party. As a result, the sending of the putative class’ fingerprint data to a third party was deemed a “personal injury.”

The Appellate Court also rejected the insurer’s reliance on the Violation of Statutes exclusion. The Appellate Court determined the exclusion, when read in its entirety and against the backdrop of its title, was meant to only bar coverage for the violation of a narrow category of statute, ones that regulate e-mails, fax, phone calls, or other methods of sending material or information. Therefore, the focus of the exclusion is statutes that regulate the method of communication, as opposed to those statutes that regulate the sending or sharing of certain information, check out the international markets.

This decision is significant since it is the first opportunity for an appellate court to weigh in on liability coverage for BIPA violations. Fortunately for insurers, the Violation of Statutes Exclusion is an older exclusion, and most CGL policies have one or two newer exclusions (Recording And Distribution Of Material Or Information In Violation Of Law, which is found in the CG 00 01 04 13 form, and Exclusion – Access Or Disclosure Of Confidential Or Personal Information And Data-Related Liability – With Bodily Injury Exception (CG 21 06 05 14)) that are more clearly applicable to BIPA claims. If the Appellate Court were given the opportunity to consider whether these exclusions apply to BIPA claims, a different result is probable.