The Illinois Supreme Court ruled late last week in favor of a company seeking insurance coverage for defense of a lawsuit alleging the company had violated the Illinois Biometric Privacy Act (BIPA). The ruling in the case, West Bend Mutual Insurance Company v. Krishna Schaumburg Tan, Inc., 2021 IL 125978, (May 20, 2021), can be found here.
BIPA generally prohibits the sale or dissemination (without consent) of a person’s biometric information. In West Bend, the underlying lawsuit claimed that a tanning salon had violated BIPA by collecting fingerprints of its customers and disclosing those fingerprints to an out-of-state third-party vendor. The tanning salon tendered the defense of the lawsuit to its insurer, West Bend Mutual Insurance Co., seeking to be defended and indemnified under its Businessowners Liability Policy.
West Bend denied coverage, asserting (among other things) that the BIPA claim was excluded from coverage under a “Statutory Violation” provision of the insurance policy. In the ensuing litigation over coverage, both the trial court and the appellate court found that the sale of the fingerprint information constituted “publication” of private information and was covered under the insurance policy’s Personal Injury and Advertising Provision. Moreover, the courts found that West Bend owed a duty of defense to the tanning salon because the Statutory Violation exclusion provided in the policy did not apply to BIPA. Rather, that exclusion applied to methods of sending materials that are regulated by statutes such as the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act.
The Illinois Supreme Court agreed with the lower courts and found that the Statutory Exclusion applied only to methods of communication. Notably, the exclusion in the policy was entitled “Violation of Statutes that Govern E-Mails, Fax, Phone Calls or Other Methods of Sending Material or Information.” Additionally, the listed examples of such statutes were limited to communication methods. BIPA on the other hand, the Supreme Court wrote, does not regulate methods of communication but regulates “the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.” Therefore, BIPA was not one of the statutes contemplated by the exclusion.
The Illinois Supreme Court’s decision relied heavily on the exact language of the policy’s exclusion, as well as a relatively obscure legal doctrine of ejusdem generis. We note that not all Businessowners Liability Policies contain identical insurance exclusion provisions. As a result, legal review of insurance policy language is essential to determine the scope of possible coverage for claims under BIPA.