Employment And Statutory Exclusions Found Inapplicable To BIPA Class Action

By Don R. Sampen, published, Chicago Daily Law Bulletin, May 17, 2022

The U.S. District Court for the Northern District of Illinois recently held that liability policy exclusions for employment practices and certain statutory violations are not effective to exclude coverage for a claim that the insured violated the Illinois Biometric Information Privacy Act in the insured’s handling of fingerprints taken from employees for timekeeping purposes.

The case is American Family Mutual Insurance Co. v. Carnagio Enterprises, Inc., No. 20 C 3665, 2022 U.S. Dist. Lexis 58358 (March 30). The plaintiffs were two insurance companies: American Family, represented by Gordon & Rees and Pretzel & Stouffer Chtd. of Chicago; and Austin Mutual Insurance Co., represented by Harrison Law LLC of Chicago. Christopher A. Kreid & Associates LLC of Evanston represented the insured, Carnagio. Bock, Hatch, Lewis and Oppenheim LLC of Chicago represented the claimant, Angela Karikari.

Karikari alleged she worked at a McDonald’s restaurant operated by Carnagio, a franchisee of 13 such restaurants. She brought a class action claiming that the restaurant required her to clock in and out using a fingerprint scanner, in violation of the Biometric Information Privacy Act, 740 ILCS 14/1 et seq.

Specifically, she claimed that Carnagio never informed her and other members of the class the purpose of collecting their biometric data or the company’s disclosure policy, and the company did so without obtaining releases.

Upon her filing suit, Carnagio tendered its defense to American Family and Austin Mutual, each of which provided liability coverage to Carnagio for relevant years. The insurers then filed this declaratory action seeking a determination of their obligations to defend Karikari’s lawsuit.

The policies for each carrier provided multiple coverages, including for “personal and advertising injury.” All parties agreed that a lawsuit arising under BIPA constituted a claim asserting “personal injury.” The issue in the case turned on the policies’ exclusions.

Both carriers’ policies contained an “Employment-Related Practices,” or ERP, exclusion and a “Distribution of Material In Violation of Statutes,” or Statutory Violation, exclusion.

The ERP exclusion barred coverage for, among other things, “employment-related practices, policies, acts or omissions, such as coercion, demotion, evaluation, reassignment discipline, defamation, harassment, humiliation or discrimination directed at that person.”

The Statutory Violation exclusion barred coverage for violations of the Telephone Consumer Protection Act, the CAN-SPAM Act of 2003, and “any statute … other than the TCPA or CAN-SPAM Act … that prohibits or limits the sending, transmitting, communicating or distribution of material or information.”

In addition, the Austin Mutual policy contained an exclusion for “Access or Disclosure of Confidential or Personal Information.” This exclusion applied to personal information and data-related liability “arising out of any access to or disclosure of any person’s … confidential or personal information, including patents, trade secrets [etc.] … or any other type of nonpublic information.”

Analysis

Upon cross-motions for summary judgment, Judge John Z. Lee found that coverage was not excluded under the American Family policy but was excluded under the Austin Mutual Policy.

Lee addressed the merits of each exclusion. With respect to the ERP exclusion, he observed that the case law was mixed regarding its applicability to BIPA claims. He agreed with Carnagio and Karikari, however, that the fingerprint requirement did not fall within the employment-related practices language of the exclusion, based on the examples of activity included in the exclusion. Lee invoked the canon of noscitur a sociis, which holds that the meaning of neighboring words can help guide a particular word’s meaning. In this case Lee wrote that the examples of conduct excluded — coercion, demotion, etc. — involved conduct “directed at that person,” as set forth in the exclusion.

Here, by contrast, the fingerprinting requirement applied generally to all employees, and therefore did not fall within the scope of the exclusion.

The Statutory Violation exclusion purported to exclude claims based on statutes that prohibit communicating information. But Lee construed the exclusion in the context of the references to the TCPA and the CAN-SPAM Act in the exclusion. Applying the doctrine of ejusdem generis, which holds that general words are construed as limited by specific words, Lee found the exclusion inapplicable.

It is inapplicable, he wrote, because the TCPA and the CAN-SPAM Act protect privacy by regulating communications private citizens receive. By contrast BIPA protects privacy by regulating the information private citizens give away.

He reached a different conclusion, however, with respect to the Austin Mutual policy’s Access/Disclosure exclusion. Lee construed that exclusion as making the insurance coverage inapplicable to “any access to or disclosure of any person’s … personal information.”

Because this language was not ambiguous, he said the ejusdem generis rule of construction would not apply, and the listing of items in the exclusion — patents, trade secrets, etc. — had no bearing on the breadth of the exclusion. The exclusion therefore took effect.

In sum, the court found that Karikari’s lawsuit does not implicate the Austin Mutual policy because of the Access/Disclosure exclusion, and that insurer has no duty to defend. Karikari’s lawsuit is not, however, excluded under the American Family policy.

Key Point

Depending on their wording and listing of specifically mentioned types of conduct or statutory violations excluded, liability exclusions for employment-related practices and statutory violations may be construed, consistent with the doctrines of noscitur a sociis and ejusdem generis, as not applicable to claims under BIPA.