The enactment of biometric privacy laws is a growing trend across the nation. Litigation Partner Josh Polster of Simpson Thacher gave a presentation at AIRROC’s Chicago Regional Education Day 2024 on the Illinois Biometric Information Privacy Act, a frequent source of insurance coverage disputes in Illinois and nationwide. This session focused on the implications of the statute for policyholders, ongoing legislative developments, and key issues of dispute in insurance coverage matters. A video replay of the presentation is available to AIRROC members via the AIRROC On Demand library.
Highlights for conference attendees included the following:
-
- What is biometric information privacy or “BIPA”? BIPA legislation makes it unlawful for private companies to use facial recognition technology or other biometric identifiers, such as fingerprints, facial scans, retina scans, and voiceprints to identify and track people without their consent.
- The Illinois state legislature passed BIPA (740 ILCS 14/1 et seq.) in 2008 providing a private right of action to claimants who can recover damages and attorney’s fees from the offending party. The statute provides for liquidated damages of $1,000 per violation or $5,000 per intentional or reckless violation, which has paved the way for a flood of class action lawsuits.
- The Illinois Supreme Court recently held that a separate claim accrues under BIPA each time biometric data or information is collected and/or disclosed. The Supreme Court’s decision in Cothron v. White Castle System, Inc., 2023 IL 128004, is likely to have a profound impact on future BIPA claims as well as negative implications for Illinois employers and businesses.
- Due to the astronomical, crippling damages, there is a proposed amendment to the BIPA damages scheme that sets a “per person” cap working its way through the legislature. The bill does not expressly address whether it would apply retroactively to any pending BIPA lawsuits.
- Possible sources of insurance coverage for BIPA claims include CGL policies, cyber policies, D&O and EPL policies. Applications of employment-related exclusions, violation-of-statutes exclusions and personal information exclusions have been heavily litigated in connection with BIPA claims. The clear trend is that Courts have narrowly construed these exclusions finding they do not bar coverage.
- This is an evolving area of the law with so much litigation in the space with many of the cases up on appeal and a few recent decisions indicating a turning of the trend to more pro-insurer. Decisions will remain heavily dependent on specific facts and policy language, but new case law will continue to shift the landscape.
- There has been enough time with the statute on the books for insurers to draft coverage provisions with any eye towards BIPA and other privacy statutes.
