Since July 2017, national, regional and local businesses operating in Illinois have been hit with a virtual storm of class actions under the Illinois Biometrics Privacy Act (“BIPA”), 740 ILCS 14 et seq.  BIPA regulates how businesses may record and store biometric data from customers or employees, and these actions create the potential for significant losses, including the costs of defending class action litigation and potential awards of statutory damages. Defending, settling and paying judgments in claims under BIPA may be covered in whole or in part under cyberliability, media liability, and/or employment practices liability insurance. Businesses operating in Illinois and states with similar laws (such as Texas and Washington) should carefully review their liability insurance programs to determine whether they may respond to a claim under BIPA or a similar statute, and should provide prompt notice of claim in the event of a suit.

The Illinois BIPA requires written consent before any biometric data can be collected and stored; requires companies to develop a publicly available written policy disclosing its schedule and guidelines for its retention of, and eventual permanent destruction of, employees’ biometrics; and mandates how companies must handle biometric data once in possession. If a company fails to abide by the consent, disclosure, or handling requirements, an employee may recover the greater of either (i) actual damages, (ii) $1,000 for a negligent violation, or (iii) $5,000 for an intentional or reckless violation. Awards of plaintiffs’ attorneys’ fees and injunctive relief are also available.
Continue Reading Beware the Fine (Thumb) Print: Insurance Coverage for Class Actions Under the Illinois Biometric Information Privacy Act, and Similar Biometric Privacy Statutes

The October 21, 2016 DDoS attack on the internet’s domain name system infrastructure underscores the need to consider cyberliability insurance coverage as a critical component of your company’s security and privacy breach response plan, and if your company carries cyberliability insurance, to ensure that your coverage will respond to a network business interruption, security breach

National Public Radio and other news outlets are reporting that a Los Angeles-area hospital recently paid a $17,000 ransom (in the form of 40 bitcoins) to hackers to unencrypt its computer networks, which had been held hostage after “ransomware” was introduced into the hospital’s network. Ransomware is a form of malicious software, or “malware,” that encrypts information or aspects of an organization’s computer network, preventing authorized users from accessing it. Persons maliciously cause the ransomware to be placed on the network, then demand money in exchange for an encryption key to unlock the network. It is not difficult to see the tremendous economic losses and liability risks of a ransomware attack, in particular to a medical facility treating vulnerable patients.
Continue Reading Companies can insure against cyber ransom

Just days after news broke that ISIS hackers forced the shutdown of the U.S. Central Command’s Twitter account, President Obama met with congressional leadership, members of the Federal Trade Commission and the Department of Homeland Security to unveil a proposal to facilitate increased cooperation between the private sector and government to combat growing cybersecurity threats. Citing concerns with preserving national security, public safety and public health, the President proposed new federal cybersecurity legislation, emphasizing that although our digital economy “creates enormous opportunities,” it also “creates enormous vulnerabilities for us as a nation” that are growing and costing us billions of dollars. In remarks on Tuesday at the National Cybersecurity Communications Integration Center, the President further acknowledged the serious legal and liability issues involved with private companies sharing information with the government, and argued that his proposed legislation “includes essential safeguards to ensure that [the] government protects privacy and civil liberties” and other liability protections for companies that share information on cyber threats.
Continue Reading President Obama Acknowledges Growing Cybersecurity Threats to the Government and Economy, Proposes New Measures to Fight Cyber Risks

By Timothy P. Law

The scope of insurance coverage for publication of material that violates a person’s right of privacy is a hotly debated issue nationwide. A decision earlier this week by the Court of Appeals of Wisconsin squarely addresses a key facet of this debate: coverage available for violations of the Telephone Consumer Protection Act (“TCPA”).

In Sawyer v. West Bend Mutual Insurance Co., decided on July 10, 2012, the Wisconsin Court of Appeals ruled that liability coverage for publication of material that violates a person’s right of privacy applies both to the privacy right of secrecy and to the privacy right of seclusion. Continue Reading Insurance Coverage for Violations of the Privacy Right of Seclusion