Since the Illinois Supreme Court’s ruling that class actions alleging violations of the Illinois Biometric Information Privacy Act (“BIPA”) trigger general liability coverage, the focus of BIPA coverage litigation has shifted to the applicability of three exclusions often found in general liability policies: (1) the Employment Related Practices exclusion, (2) the Violation of Statutes exclusion, and (3) the Access or Disclosure exclusion.  Although the first quarter of 2022 brought a mixed bag of opinions, with four out of seven resulting in a finding of coverage, the scorecard with respect to each specific exclusion tells a different story that generally favors the policyholders.  As outlined in this blog post, insureds facing BIPA lawsuits therefore have plenty of reason to continue pressing their insurers for coverage.

Employment-related practices exclusions

The Employment-Related Practices exclusion bars coverage for bodily injury or personal and advertising injury to a person arising out of any of the following:

  • Refusal to employ that person
  • Termination of that person’s employment
  • Employment-related practices, policies, acts or omissions, such as coercion, demotion, evaluation, reassignment, discipline, defamation, harassment, humiliation, or discrimination directed at that person

In coverage disputes arising out of employment-based BIPA class actions, the issue is whether the conduct at issue is an employment-related practice that falls within the third prong of the exclusion.

As outlined in a previous blog post, there is case law outside of the BIPA context standing for the proposition that the phrase “employment-related” has a narrow meaning and only refers to matters that concern the employment relationship itself. According to this line of case law, where the conduct at issue in a lawsuit does not arise out of personnel management or employee discipline (i.e., the employment relationship), but instead merely happens to involve an employee, the third prong of the exclusion does not bar coverage.

Of the five opinions addressing this exclusion in the BIPA context, only one found that it barred coverage. In that case, the court adopted a broad interpretation, reasoning that the “exemplar employment-related practices listed” in the third prong “reflect a practice that can cause an individual harm to an employee,” which is also “true for a BIPA violation.” (Am. Family Mut. Ins. Co. v. Caremel, Inc., No. 20 C 637, 2022 U.S. Dist. LEXIS 3475, at *10 (N.D. Ill. Jan. 7, 2022)). The remaining four opinions opted for a more narrow reading, reasoning, for example, that BIPA violations are “not like the other” specifically enumerated employment-related practices and would “stick out like a sore thumb” if added to the list. State Auto. Mut. Ins. Co. v. Tony’s Finer Foods Enters., No. 20-cv-6199, 2022 U.S. Dist. LEXIS 40567, at *18 (N.D. Ill. Mar. 8, 2022); see also Citizens Ins. Co. of Am. v. Thermoflex Waukegan, LLC, No. 20-cv-05980, 2022 U.S. Dist. Thus far, courts are adopting the more policyholder favorable approach to this exclusion.

Violation of statutes exclusions

The Violation of Statutes exclusion bars coverage for injury arising out of alleged violations of the Telephone Consumer Protection Act (“TCPA”), the CAN-SPAM Act of 2003, or “[a]ny statute, ordinance or regulation, other than the TCPA or CAN-SPAM Act of 2003, that prohibits or limits the sending, transmitting, communicating or distribution of material or information.” There are different versions of this exclusion, some of which are entitled “Recording and Distribution of Material or Information” and include references to additional statutes such as the Fair Credit Reporting Act or the Fair and Accurate Transaction Act, and therefore are arguably drafted more broadly than their counterparts.  In either case, the issue in BIPA coverage disputes is whether BIPA is a statute that falls within the purview of the exclusion’s catch-all provision.

The Illinois Supreme Court addressed the narrower version of this exclusion in West Bend Mut. Ins. Co. v. Krishna Schaumburg Tan, Inc., 2021 IL 125978, and held that because it only applies to statutes that govern methods of communication, unlike BIPA, it does not bar coverage.  Not long after that, the Middle District of North Carolina analyzed a broader version of the exclusion and reached the opposite conclusion, reasoning that, like BIPA, the statutes specifically enumerated in the exclusion were broadly intended to protect privacy. Mass. Bay Ins. Co. v. Impact Fulfillment Servs., LLC, No. 1:20CV926, 2021 U.S. Dist. LEXIS 182970, at *17-18 (M.D.N.C. Sept. 24, 2021).

Since then, the five decisions addressing this exclusion concluded that it does not bar coverage. Caremel, 2022 U.S. Dist. LEXIS 3475; Thermoflex Waukegan, 2022 U.S. Dist. LEXIS 35630; Highland Baking, No. 20-cv-004997; Citizens Ins. Co. of Am. v. Wynndalco Enter., LLC, No. 20 C 3873 (N.D. Ill. Mar. 30, 2022); Carnagio, No. 20 C 3665. Notably, most of these opinions addressed the broader version of the exclusion, assuaging policyholder concerns that courts would not find the Illinois Supreme Court’s guidance persuasive because it dealt with the narrower version. As with the Employment-Related Practices exclusion, the weight of the case law addressing the Violation of Statutes exclusion favors insureds.

Access or disclosure exclusions

The Access or Disclosure exclusion bars coverage “for personal and advertising injury…arising out of any access to or disclosure of any person’s…confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information.” Similar to the Violation of Statutes exclusion analysis, the issue in BIPA coverage disputes is whether biometric identifiers fall within the “any other type of nonpublic information” catch-all provision.

The case law addressing this exclusion also favors policyholders, with three decisions holding that the exclusion does not preclude coverage, and two decisions reaching the opposite conclusion.  In the three decisions finding the exclusion to be inapplicable, the courts reasoned that biometric identifiers are not sufficiently similar to the other specifically enumerated categories of information to fall within the catch-all provision. Caremel, 2022 U.S. Dist. LEXIS 3475; Thermoflex Waukegan, 2022 U.S. Dist. LEXIS 35630; Highland Baking Co., No. 20-cv-004997.  In contrast, in the two decisions holding that the exclusion barred coverage, both of which were issued by the same judge and utilized the same analysis, the court adopted a more broadly preclusive construction, reasoning that because “the items that are listed have no readily identifiable common thread” and “are not sufficiently similar to belong to one identifiable class,” biometric identifiers fall within the catch-all provision. Thermoflex Waukegan, LLC v. Mitsui Sumitomo Ins. USA, Inc., No. 21 C 788 (N.D. Ill. Mar. 30, 2022); Carnagio, No. 20 C 3665.

It is yet to be seen how many of these decisions will be appealed, but the BIPA coverage landscape currently favors policyholders.  This is especially so given that these coverage disputes are focused on exclusions, which must be construed narrowly in favor of coverage.  Thus, even though a handful of courts have sided with insurers, policyholders facing coverage denials based on any of the foregoing exclusions should persist in pursuing coverage. There are strong arguments to be made in favor of coverage, and there is a growing body of case law supporting those arguments.

If you have any questions about the content of this article, please contact one of the authors of this article or any other member of Reed Smith’s Insurance Recovery Group.