On January 7, 2022, the Northern District issued an opinion regarding whether the claims contained in a lawsuit alleging the violation of the Illinois Biometric Information Privacy Act (“BIPA”), 40 ILCS 14/1 et seq., were covered under a Businessowners’ Liability Policy. An employee of the insured filed a class action complaint in Kankakee County, Illinois, against the insured for violating BIPA. The insured required its employees to use a biometric time clock system to record their time. This system required the insured’s employees to scan their fingerprints to clock in and clock out. This information was then disclosed to the insured’s time-keeping vendor. It is alleged the insured did not obtain the employee’s consent to disclose the biometric information to its vendor in a violation of BIPA.
The insurer denied coverage under its policy, relying on three exclusions: (1) Access or Disclosure Exclusion; (2) Violation of Statute Exclusion; and (3) ERP Exclusion. The insurer then filed a complaint for declaratory judgment against its insured asserting that it had no duty to defend its insured for the BIPA lawsuit.
The Access or Disclosure Exclusion at issue precluded coverage “for personal and advertising injury . . . arising out of any access to or disclosure of any person’s . . . confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information.” In rejecting its application, the court determined that to include fingerprints as “health information” would “stretch the definition of health information to include a physical characteristic that has nothing to do with the state of health of an individual.” For this reason, the court held that the Access or Disclosure Exclusion did not apply to preclude coverage.
The Violation of Statute Exclusion at issue precluded coverage for “access or disclosure of confidential or personal information and data related to liability.” The court noted that this exclusion was nearly identical to the exclusion analyzed in West Bend Mut. Ins. Co. v. Krishna Schaumburg Tan, Inc., 2021 WL 2005464 (Ill. May 21, 2021). In Krishna, the Illinois Supreme Court held that the Violation of Statute Exclusion did not apply to preclude coverage for a BIPA lawsuit, which alleged that a tanning salon violated BIPA by requiring its customers to scan their fingerprints without first getting their signed, written release to allow disclosure of their fingerprints to any third party. Because the insurer could not “meaningfully differentiate” between the terms in its Violation of Statute Exclusion with the one in Krishna, the court concluded this exclusion did not apply to preclude coverage.
The ERP Exclusion at issue precluded coverage for personal and advertising injuries “arising out of any . . . employment-related practice, policies, acts omissions, such as coercion, demotion, reassignment discipline, defamation, harassment, humiliation or discrimination directed at the person . . . .” In finding this exclusion precluded coverage, the court stated the exclusion “applie[d] to practices directed at individual employees and the fingerprint requirement [was] directed at all employees.” Thus, because the court viewed the insured’s requirement that its employees scan their fingerprints as an employment-related practice, the court found the exclusion applied to preclude coverage.
Although an unpublished opinion, this finding may signify other court’s agreement with the holding in Krishna and may further cut against an insurance company’s ability to rely on the Access or Disclosure Exclusion and Violation of Statute Exclusion to preclude coverage for a BIPA lawsuit. On the other hand, the finding may provide traction for insurer’s who wish to take the position that the ERP Exclusion applies to preclude coverage for a BIPA lawsuit involving an employee.
A copy of the court’s decision can be found at Am. Family Mut. Ins. Co., S.I. v. Caremel, Inc., 20 C 637, 2020 WL 8093501 (N.D. Ill. Jan. 7, 2022).
For more information about this article, contact Catherine Geisler at cgeisler@tresslerllp.com.
About the Author
Catherine Geisler is an associate in the Insurance Practice Group. She represents insurance carriers and insureds in a wide range of insurance coverage matters involving policies such as commercial general liability policies, commercial umbrella/excess policies, commercial auto policies, privacy liability policies, professional liability policies and business owners’ policies. Catherine’s work includes analyzing insurance coverage issues, assessing insurance carriers’ risks, preparing coverage opinions and position letters and handling all aspects of insurance coverage litigation in state and federal courts.