Coverage Found For Biometric Information Privacy Act Claim
By Don R. Sampen, published, Chicago Daily Law Bulletin, June 15, 2021
The Illinois Supreme Court recently held that an exclusion in a general liability policy applicable to violations of statutes regulating emails and faxes “or other methods of sending” information did not bar coverage for a claim based on the Illinois Biometric Information Privacy Act.
The case is West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan, Inc., 2021 IL 125978 (May 20). The insurer, West Bend, was represented by McKenna Storer of Chicago. Pretzel & Stouffer Chtd. of Chicago represented the insured, Krishna, and Edelson PC of Chicago represented the claimant, Klaudia Sekura.
Sekura filed a class action suit against Krishna, a tanning salon, claiming that upon becoming a member of the salon, Krishna took the fingerprints of her and other class members, which it then shared with an out-of-state vendor.
She claimed by doing so Krishna shared these “biometric identifiers” without permission and in violation of the Biometric Information Privacy Act, 740 ILCS 14/1 et seq. That statute regulates the collection of biometric identifiers and disclosure to others. Sekura alleged mental and emotional injury and sought statutory damages of $1,000 for each violation.
Krishna tendered its defense to West Bend, which provided it general liability coverage. The West Bend policies covered, among other things, advertising and personal injury, defined as including the “oral or written publication of material that violates a person’s right of privacy.”
The policies also included an endorsement titled “Violation of Statutes that Govern E-Mails, Fax, Phone Calls or Other Methods of Sending Material or Information.” That exclusion barred coverage for violations of the Telephone Consumer Protection Act, the CAN-SPAM Act, and violations for any statute “other than” those just mentioned “that prohibits or limits the sending, transmitting, communicating or distribution of material or information.”
Following tender, West Bend agreed to defend under a reservation and filed the instant declaratory action. It took the position that the class action complaint did not allege a publication of material in violation of the right to privacy and that, in any event, the violation-of-statutes exclusion applied.
Upon cross-motions for summary judgment the trial court found in favor of coverage, and the appellate court affirmed. Krishna then petitioned for leave to appeal to the Supreme Court, which was allowed.
In an opinion by Justice P. Scott Neville, the Supreme Court affirmed. He initially addressed whether the sharing of fingerprint information with a vendor of the insured constituted the “publication” of material. West Bend argued it did not because the court, in Valley Forge Insurance Co. v. Swiderski Electronics, Inc., 223 Ill.2d 352 (2006), appeared to limit that term to the communication of information “to the public.”
Neville rejected the argument. Initially, he characterized the language in Valley Forge as non-binding obiter dictum. He then looked at various legal definitions of “publication” and determined it included a communication to both a single party and to the public at large. Thus, even though the information in this case was shared with just one person, the sharing constituted a “publication.”
Addressing whether the complaint alleged a violation of the right to privacy, Neville found it did based on the language and legislative history of the Biometric Information Privacy Act. That act specifically protects the privacy of an individual’s identifying biometric information, including fingerprints.
Neville then took up the violation-of-statutes exclusion. He found particularly significant the title of the exclusion, which referenced violations of email and fax statutes “or other methods of sending material or information.” Observing that not only the title but also the specific statutes referenced — the TCPA and CAN-SPAM Act — had to do with methods of sending information, he applied the doctrine of ejusdem generis.
Neville relied on Black’s Law Dictionary to define that doctrine as requiring that, where general words follow an enumeration of more specific words or identifiers in a statute or contract, the general words should be held to apply only to the same general kind or class as those specifically mentioned.
In this case, wrote Neville, the TCPA and the CAN-SPAM Act regulate the methods of communication, in that the former applies to telephone calls and faxes, and the latter applies to emails. The Biometric Information Privacy Act, on the other hand, does not regulate the methods of communication but rather is directed to the collection and sharing of information.
He therefore concluded that the exclusion does not apply and West Bend has a duty to defend Krishna in Sekura’s class action lawsuit.
Where a policy exclusion or other provision uses general words that follow an enumeration of particular persons or things, the doctrine of ejusdem generis may apply to limit the general words to the same kind or class as those specifically mentioned.