Illinois Appeals Court Rules Lloyd’s Insurers Not Obligated to Defend BIPA Class Action

A split panel of the Illinois Appellate Court, First District, ruled that insurers from Lloyd’s of London are not required to defend Tony’s Finer Foods Enterprises Inc. in a class action lawsuit filed under the Illinois Biometric Information Privacy Act (BIPA).

The lawsuit, initiated by former employee Charlene Figueroa, alleges that Tony’s violated BIPA by collecting employees’ biometric data via fingerprint scans without obtaining proper consent, and that it failed to publish a data deletion schedule.

The court’s majority opinion stated that the class action does not trigger coverage under the cyber policies issued by Lloyd’s between 2018 and 2020, as it does not involve a data breach, security failure, or extortion threat, which are typically covered by such policies.

Importantly, the court noted that Tony’s had authorized a third-party timekeeping company, Kronos, to collect and store biometric data, further relieving the insurers of any defense obligations as such actions do not constitute a data breach.

Tony’s had sued Lloyd’s insurers after they refused to defend the grocery chain against the class action, but the appellate court reversed the lower court’s ruling, which had favored Tony’s.

In a dissenting opinion, one appellate judge argued that the original ruling should have been upheld, citing that the insurers did not provide a defense under a reservation of rights or file a separate lawsuit to dispute their defense obligations.

Last month, Illinois Governor JB Pritzker signed an amendment to BIPA that changes how violations are counted. Under the amendment, multiple collections of the same biometric identifier from the same individual using the same method without proper notice and consent will now be considered a single violation, instead of separate violations for each instance.

Source: Business Insurance

–

September 11, 2024 – by Tony Bitzionis