Insurance Company Has Obligation to Cover BIPA Suit

April 29, 2020 / Writing and Speaking

By Don R. Sampen, published, Chicago Daily Law Bulletin April 21, 2020

The 1st District Appellate Court recently held that a claim that an insured disclosed fingerprint data to a third-party vendor in violation of an Illinois statute constituted a personal injury offense, and coverage was not barred by an exclusion for statutory violations pertaining to emails and faxes.

The case is West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan Inc., 2020 IL App (1st) 191834 (March 20). The insurer, West Bend, was represented by attorneys at McKenna Storer. Edelson PC represented the claimant, Klaudia Sekura. And Pretzel & Stouffer Chtd. represented the insured Krishna.

Sekura brought a proposed class-action against Krishna, a franchisee of L.A. Tan Enterprises Inc. She alleged that when she and others purchased the tanning services of Krishna, the customers were required to have their fingerprints scanned.

She further claimed that Krishna disclosed her fingerprint data to an out-of-state third-party vendor, SunLync, without her consent in violation of the Biometric Information Privacy Act (740 ILCS 14/1). That statute prohibits the dissemination of a customer’s biometric identifiers except in specified circumstances. Her complaint sought statutory damages and attorney fees, restitution and damages for mental anguish.

West Bend provided coverage to Krishna under a commercial general liability policy that required West Bend to defend and indemnify Krishna for “personal injuries.” Those injuries included the publication of material consisting of slander or libel or violating “a person’s right of privacy.”

The policy also included an exclusion applicable to statutory violations that govern email and other methods of sending information. Examples of statutes giving rise to such violations set forth in the policy included the Telephone Consumer Protection Act and the CAN-SPAM Act of 2003.

Notwithstanding the exclusion, an endorsement to the policy extended coverage to accidental “personal data compromises” of “personally sensitive information without appropriate safeguards.”

Krishna tendered to West Bend, which agreed to defend under a reservation. West Bend then brought this declaratory action seeking a determination that it had no coverage obligation. Krishna filed a counterclaim seeking coverage and also penalties under the Insurance Code (215 ILCS 5/155) for bad faith.

On cross-motions for summary judgment, the trial court found in favor of coverage but denied sanctions for bad faith. West Bend appealed, and Krishna cross-appealed.


In an opinion by Justice Mary L. Mikva, the 1st District affirmed. She initially addressed West Bend’s argument that the underlying claim did not fall within the definition of a personal injury because it did not allege a publication of material that violated a person’s right of privacy.

West Bend relied on Valley Forge Insurance Co. v. Swiderski Electronics Inc., 228 Ill.2d 352 (2006), which it interpreted as requiring a distribution of information to the public to fall within the definition of a “publication.” In this case, by contrast, Krishna was alleged to have shared the fingerprint information with only one other entity.

Mikva disagreed with such a limitation. While acknowledging that an example of publication the court used in Valley Forge involved a distribution to the public, she said the court did not intend to exclude the sharing of information with a single third-party. The policy language itself, moreover, did not provide any definition of “publication” giving rise to such a meaning.

Mikva then took up the statutory violation exclusion. West Bend claimed that it applied broadly, in the words of the exclusion, to “any statute, ordinance or regulation that prohibits or limits the sending, transmitting … Of material or information.” It claimed that the Biometric Information Privacy Act, which prohibits the dissemination of “a customer’s biometric identifier,” constituted one such statute.

According to Mikva, however, the exclusion read in context did not apply. The title of the exclusion in particular indicated that it was to apply to “Violation of Statutes that Govern E-Mails, Fax, Phone Calls or Other Method of Sending Material or Information.” Thus, the emphasis was on the method of communication, and the examples given in the exclusion — the TCPA and CAN-SPAM Act — both regulated such methods.

In this case, by contrast, the Biometric Information Privacy Act said nothing about the method of communication. The exclusion therefore would not apply.

Finally, as to Krishna’s cross-appeal claiming bad faith, Mikva said it was based entirely on the policy endorsement extending coverage to personally sensitive information. That endorsement, however, requires that the release of information be accidental and not reckless or deliberate.

And here, as West Bend pointed out, the release of information was alleged to have been as part of a membership program and not accidental. Mikva said West Bend therefore had a good-faith argument for why the endorsement did not apply.

Hence, the court affirmed the trial court’s holding that West Bend had an obligation to defend and did not engage in bad faith in pursuing its coverage determination.

Key point

An exclusion applicable to statutes that govern the method of transmitting personal, private or other information does not apply to exclude coverage for alleged violations of a statute that applies to the dissemination of information without regard to method.

  • Chicago

    Illinois 60603

    10 South LaSalle Street

    Chicago, Illinois 60603

    T: 312.855.1010 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Dennis D. Fitzpatrick

  • New York

    New York 10005

    28 Liberty Street 39th Floor

    New York, New York 10005

    T: 212.805.3900 TF: 800.826.3505 F: 212.805.3939 Office Managing Partner: Carl M. Perri

  • Mission Viejo

    California 92691

    27285 Las Ramblas

    Suite 200

    Mission Viejo, California 92691

    T: 949.260.3100 TF: 800.826.3505 F: 949.260.3190 Office Managing Partner: Ian R. Feldman

  • Florham Park

    New Jersey 07932

    100 Campus Drive

    Florham Park, New Jersey 07932

    T: 973.410.4130 TF: 800.826.3505 F: 973.410.4169 Office Managing Partner: Carl M. Perri

  • Michigan City

    Indiana 46360

    200 Commerce Square

    Michigan City, Indiana 46360

    T: 219.262.6106 TF: 800.826.3505 F: 312.606.7777 Office Managing Partners: Paige M. Neel, Kimbley A. Kearney

  • Milwaukee

    Wisconsin 53202

    250 E. Wisconsin Avenue

    Suite 1800

    Milwaukee, Wisconsin 53202

    T: 414.279.5525 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: James M. Weck

  • Stamford

    Connecticut 06902

    68 Southfield Avenue

    2 Stamford Landing Suite 100

    Stamford, Connecticut 06902

    T: 203.921.0303 TF: 800.826.3505 F: 212.805.3939 Office Managing Partner: Matthew J. Van Dusen

  • Tampa

    Florida 33609

    4830 West Kennedy Boulevard, One Urban Center

    Suite 600

    Tampa, Florida 33609

    T: 813.509.2578 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Dennis D. Fitzpatrick Co-Managing Partner: Kelly M. Vogt

  • San Francisco

    California 94111

    100 Pine Street

    Suite 1250

    San Francisco, California 94111

    T: 415.287.2744 TF: 800.826.3505 F: 949.260.3190 Office Managing Partner: Ian R. Feldman

  • Houston

    Texas 77019

    2929 Allen Parkway

    American General Center, Suite 200

    Houston, Texas 77019

    T: 346.229.4612 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Ramy P. Elmasri

  • Dallas

    Texas 75201

    325 N. Saint Paul Street

    Suite 3100

    Dallas, Texas 75201

    T: 469.942.8635 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Ramy P. Elmasri

  • Boca Raton

    Florida 33434

    7777 Glades Road

    Suite 405

    Boca Raton, Florida 33434

    T: 561.765.5305 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Dennis D. Fitzpatrick Co-Managing Partner: Kelly M. Vogt