Employment And Statutory Exclusions Found Inapplicable To BIPA Class Action

May 17, 2022 / Writing and Speaking

By Don R. Sampen, published, Chicago Daily Law Bulletin, May 17, 2022

The U.S. District Court for the Northern District of Illinois recently held that liability policy exclusions for employment practices and certain statutory violations are not effective to exclude coverage for a claim that the insured violated the Illinois Biometric Information Privacy Act in the insured’s handling of fingerprints taken from employees for timekeeping purposes.

The case is American Family Mutual Insurance Co. v. Carnagio Enterprises, Inc., No. 20 C 3665, 2022 U.S. Dist. Lexis 58358 (March 30). The plaintiffs were two insurance companies: American Family, represented by Gordon & Rees and Pretzel & Stouffer Chtd. of Chicago; and Austin Mutual Insurance Co., represented by Harrison Law LLC of Chicago. Christopher A. Kreid & Associates LLC of Evanston represented the insured, Carnagio. Bock, Hatch, Lewis and Oppenheim LLC of Chicago represented the claimant, Angela Karikari.

Karikari alleged she worked at a McDonald’s restaurant operated by Carnagio, a franchisee of 13 such restaurants. She brought a class action claiming that the restaurant required her to clock in and out using a fingerprint scanner, in violation of the Biometric Information Privacy Act, 740 ILCS 14/1 et seq.

Specifically, she claimed that Carnagio never informed her and other members of the class the purpose of collecting their biometric data or the company’s disclosure policy, and the company did so without obtaining releases.

Upon her filing suit, Carnagio tendered its defense to American Family and Austin Mutual, each of which provided liability coverage to Carnagio for relevant years. The insurers then filed this declaratory action seeking a determination of their obligations to defend Karikari’s lawsuit.

The policies for each carrier provided multiple coverages, including for “personal and advertising injury.” All parties agreed that a lawsuit arising under BIPA constituted a claim asserting “personal injury.” The issue in the case turned on the policies’ exclusions.

Both carriers’ policies contained an “Employment-Related Practices,” or ERP, exclusion and a “Distribution of Material In Violation of Statutes,” or Statutory Violation, exclusion.

The ERP exclusion barred coverage for, among other things, “employment-related practices, policies, acts or omissions, such as coercion, demotion, evaluation, reassignment discipline, defamation, harassment, humiliation or discrimination directed at that person.”

The Statutory Violation exclusion barred coverage for violations of the Telephone Consumer Protection Act, the CAN-SPAM Act of 2003, and “any statute … other than the TCPA or CAN-SPAM Act … that prohibits or limits the sending, transmitting, communicating or distribution of material or information.”

In addition, the Austin Mutual policy contained an exclusion for “Access or Disclosure of Confidential or Personal Information.” This exclusion applied to personal information and data-related liability “arising out of any access to or disclosure of any person’s … confidential or personal information, including patents, trade secrets [etc.] … or any other type of nonpublic information.”

Analysis

Upon cross-motions for summary judgment, Judge John Z. Lee found that coverage was not excluded under the American Family policy but was excluded under the Austin Mutual Policy.

Lee addressed the merits of each exclusion. With respect to the ERP exclusion, he observed that the case law was mixed regarding its applicability to BIPA claims. He agreed with Carnagio and Karikari, however, that the fingerprint requirement did not fall within the employment-related practices language of the exclusion, based on the examples of activity included in the exclusion. Lee invoked the canon of noscitur a sociis, which holds that the meaning of neighboring words can help guide a particular word’s meaning. In this case Lee wrote that the examples of conduct excluded — coercion, demotion, etc. — involved conduct “directed at that person,” as set forth in the exclusion.

Here, by contrast, the fingerprinting requirement applied generally to all employees, and therefore did not fall within the scope of the exclusion.

The Statutory Violation exclusion purported to exclude claims based on statutes that prohibit communicating information. But Lee construed the exclusion in the context of the references to the TCPA and the CAN-SPAM Act in the exclusion. Applying the doctrine of ejusdem generis, which holds that general words are construed as limited by specific words, Lee found the exclusion inapplicable.

It is inapplicable, he wrote, because the TCPA and the CAN-SPAM Act protect privacy by regulating communications private citizens receive. By contrast BIPA protects privacy by regulating the information private citizens give away.

He reached a different conclusion, however, with respect to the Austin Mutual policy’s Access/Disclosure exclusion. Lee construed that exclusion as making the insurance coverage inapplicable to “any access to or disclosure of any person’s … personal information.”

Because this language was not ambiguous, he said the ejusdem generis rule of construction would not apply, and the listing of items in the exclusion — patents, trade secrets, etc. — had no bearing on the breadth of the exclusion. The exclusion therefore took effect.

In sum, the court found that Karikari’s lawsuit does not implicate the Austin Mutual policy because of the Access/Disclosure exclusion, and that insurer has no duty to defend. Karikari’s lawsuit is not, however, excluded under the American Family policy.

Key Point

Depending on their wording and listing of specifically mentioned types of conduct or statutory violations excluded, liability exclusions for employment-related practices and statutory violations may be construed, consistent with the doctrines of noscitur a sociis and ejusdem generis, as not applicable to claims under BIPA.

  • Chicago

    Illinois 60603

    10 South LaSalle Street

    Chicago, Illinois 60603

    T: 312.855.1010 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Dennis D. Fitzpatrick

  • New York

    New York 10005

    28 Liberty Street 39th Floor

    New York, New York 10005

    T: 212.805.3900 TF: 800.826.3505 F: 212.805.3939 Office Managing Partner: Carl M. Perri

  • Mission Viejo

    California 92691

    27285 Las Ramblas

    Suite 200

    Mission Viejo, California 92691

    T: 949.260.3100 TF: 800.826.3505 F: 949.260.3190 Office Managing Partner: Ian R. Feldman

  • Florham Park

    New Jersey 07932

    100 Campus Drive

    Florham Park, New Jersey 07932

    T: 973.410.4130 TF: 800.826.3505 F: 973.410.4169 Office Managing Partner: Carl M. Perri

  • Michigan City

    Indiana 46360

    200 Commerce Square

    Michigan City, Indiana 46360

    T: 219.262.6106 TF: 800.826.3505 F: 312.606.7777 Office Managing Partners: Paige M. Neel, Kimbley A. Kearney

  • Appleton

    Wisconsin 54914

    4650 W. Spencer Street

    Appleton, Wisconsin 54914

    T: 920.560.4658 TF: 800.826.3505 F: 920.968.4650 Office Managing Partner: Patrick L. Breen

  • Stamford

    Connecticut 06902

    68 Southfield Avenue

    2 Stamford Landing Suite 100

    Stamford, Connecticut 06902

    T: 203.921.0303 TF: 800.826.3505 F: 212.805.3939 Office Managing Partner: Matthew J. Van Dusen

  • Tampa

    Florida 33609

    4830 West Kennedy Boulevard, One Urban Center

    Suite 600

    Tampa, Florida 33609

    T: 813.509.2578 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Dennis D. Fitzpatrick

  • San Francisco

    California 94111

    100 Pine Street

    Suite 1250

    San Francisco, California 94111

    T: 415.745.3598 TF: 800.826.3505 F: 949.260.3190 Office Managing Partner: Ian R. Feldman