(Article from Insurance Law Alert, March 2022)
For more information, please visit the Insurance Law Alert Resource Center.
An Illinois district court ruled that several policy exclusions were ambiguous and that an insurer was therefore obligated to defend a suit alleging violations of the Biometric Information Privacy Act (“BIPA”). Citizens Ins. Co. of Am. v. Thermoflex Waukegan, LLC, 2022 WL 602534 (N.D. Ill. Mar. 1, 2022).
Thermoflex sought coverage for a suit alleging that it violated the BIPA by collecting employees’ handprint data. The policy provided personal and advertising injury coverage for claims arising out of “[o]ral or written publication[s], in any manner, of material that violates a person’s right of privacy.” The insurer argued that it had no duty to defend or indemnify the BIPA claims because of three policy exclusions. The court disagreed and ruled in Thermoflex’s favor.
First, the court ruled that an Employment-Related Practices Exclusion did not unambiguously bar coverage. The exclusion applied to “[e]mployment-related practices, policies, acts or omissions, such as coercion, demotion, evaluation, reassignment, discipline, defamation, harassment, humiliation, discrimination or malicious prosecution.” The insurers argued that the phrase “such as” indicates that the list of acts in the exclusion is not exhaustive and extends to the underlying privacy claims. In contrast, Thermoflex contended that the underlying BIPA claims are entirely different in nature from the employment practices listed in the exclusion. The court deemed the exclusion ambiguous. Notably, a different Illinois district court interpreted a similar exclusion to bar coverage for BIPA claims, see Am. Family Mutual Ins. Co., S.I. v. Caremel, Inc., 2022 WL 79868 (N.D. Ill. Jan. 7, 2022), finding that a BIPA violation is of “the same nature” as the practices listed in the exclusion because they all reflect actions that cause harm to employees. The Thermoflex court disagreed with that reasoning, explaining that such an interpretation is contrary to the rule requiring policy exclusions to be read narrowly.
Second, the court deemed a Recording and Distribution Exclusion ambiguous. The exclusion listed several specific statutes (such as the TCPA, the CAN-SPAM Act of 2003, and the FCRA), along with a catch-all provision that applied to “[a]ny federal, state or local statute, ordinance or regulation” that “addresses, prohibits, or limits the printing, dissemination, disposal, collecting, recording, sending, transmitting, communicating or distribution of material or information.” Relying on the Illinois Supreme Court’s decision in W. Bend Mut. Ins. Co. v. Krishna Schaumburg Tan, Inc., 2021 WL 2005464 (Ill. May 20, 2021) (discussed in our May 2021 Alert), the court ruled that BIPA claims did not unambiguously fall within the catch-all provision of this exclusion. As the Krishna court noted, BIPA is not a statute “of the same kind” as those listed since it does not regulate methods of communication. The court acknowledged that the exclusionary language at issue here was somewhat broader in scope than the exclusionary language presented in Krishna but expressed uncertainty as to whether that added breadth was sufficient to bar coverage.
Finally, the court concluded that an Access or Disclosure Exclusion did not relieve the insurer of its duty to defend. The exclusion applied to claims “arising out of any access to or disclosure of any person’s or organization’s confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information.” The court reasoned that handprints do not share the attributes of the other types of personal information listed in the exclusion. In so ruling, the court noted that BIPA statutory language itself distinguishes between biometric identifiers and “confidential and sensitive information.”
The court declined to rule on whether the insurer was obligated to indemnify the underlying claims, finding the issue to be unripe before the insured has been held liable.