Since Illinois enacted the state’s Biometric Information Privacy Act, 740 ILCS 14/15, numerous claims and lawsuits have been filed seeking to recover for alleged BIPA violations. As a result, insured-defendants, who have been sued in these cases, have filed claims with their insurance companies requesting defense and indemnification for those underlying lawsuits.
Recently in Remprex, LLC v. Certain Underwriters at Lloyd’s London, 2023 IL App. (1st) 211097, the Illinois Appellate Court applying New York law for purposes of contract interpretation resolved one such case in favor of coverage finding that the insurance company owed a defense to its policyholder for the underlying lawsuit under the media liability coverage section of the Lloyd’s of London cyber insurance policy known as a “Beazley Breach Response” policy.
The policyholder, Remprex, LLC, was a biometric technology software and hardware company that allegedly provided automated gate systems used by railroads at their railyards that required fingerprints for access.
Two lawsuits arose that were filed by a truck driver alleging that the different railroads that owned and operated those railyards that used Remprex’s automated gate systems violated the Illinois Biometric Information Privacy Act. The first lawsuit was filed against BNSF Railway Company (“BNSF”) and the second lawsuit named CN Transportation (“CN”) and other railroads along with Remprex.
The policyholder, Remprex, sought coverage for both of the underlying lawsuits when it filed suit against Lloyd’s of London for coverage even though it was not named in the first lawsuit as a defendant. The trial court dismissed the Remprex’s insurance coverage case finding no coverage for either lawsuit. The Appellate Court, however, affirmed in part and reversed in part. It held that there was no duty to defend or otherwise cover the first lawsuit (“BSNF lawsuit”) but did find that there was a duty to defend Remprex in the second lawsuit (“CN lawsuit”) because unlike the first lawsuit, Remprex was a named defendant.
The media liability coverage section of the Lloyd’s of London cyber insurance policy provided coverage for any “violation of the right of privacy of any individual” that takes place when “creating, displaying, broadcasting, disseminating or relating media material to the public.”
In the BNSF lawsuit, the appellate court reasoned that because Remprex was never named as a defendant or issued a written demand for money or services, policy coverage was not triggered. As a result, Lloyd’s had no duty to defend or indemnify Remprex in relation to the BNSF suit.
Unlike the BNSF lawsuit, Remprex was named as a defendant by CN. CN asserted monetary damages against Remprex, which qualified as a “claim” under the policy with Lloyd’s. Remprex allegedly collecting and transferring fingerprint information to CN in violation of BIPA was also considered as “dissemination to the public,” under its media policy with Lloyd’s. Based on these facts, the appellate court found there was coverage for Remprex under its insurance policy for the CN lawsuit.
If a BIPA claim or suit is filed against you, then among other things you, as a policyholder, should immediately review your insurance policies, including any relevant technology or media provisions contained therein with your attorneys and determine whether a claim should be made for defense or other coverage. Should you have any questions or need any assistance, please feel free to contact your attorney at Airdo Werwas, LLC, James Kenny at firstname.lastname@example.org, or Bridget Finn at email@example.com.