In Part I (”When Can an Insurer Pursue a Malpractice Claim Against Defense Counsel Retained for an Insured”) of our two-part article published by the ABA’s Insurance Coverage Litigation Committee (ICLC), we addressed the circumstances in which an insurer can directly pursue malpractice claims against defense counsel. We observed that the majority of courts have allowed insurers to bring claims against defense counsel, and we discussed the three primary legal vehicles through which insurers can bring such claims. 

As we previewed in Part I, a related issue is how and when insurers can seek reimbursement of defense costs from the insured if it is later found that the insurer did not owe its insured a duty to defend. As in the cases discussed in Part I, there is a split of authority, with many jurisdictions still uncertain. 

In Part II, we discuss this split of authority and the requirements for an insurer to preserve a right to recoup defense costs, as well as practical considerations for insurers pursuing, and policyholders looking to fend off, a demand for recoupment. Although California was an early trendsetter in this area, with the decision in Buss v. Superior Court allowing a limited right to reimbursement becoming the majority view, a significant minority refuse to allow the insurer to seek reimbursement—a minority that may gain further traction in many jurisdictions. The Nevada Supreme Court split 4:3 on this issue, ruling in favor of reimbursement, but with a vehement dissent arguing against any such right. In contrast, Illinois has held that there is no right to reimbursement. 

Continue Reading When Can an Insurer Pursue a Malpractice Claim Against Defense Counsel Retained for an Insured? Part II: When Can an Insurer Pursue a Reimbursement Claim against an Insured?

Developments in the law have increased the potential liability that companies could face under the Illinois Biometric Information Privacy Act (BIPA), but fortunately for policyholders, Illinois case law has also solidified coverage for BIPA claims under the Commercial General Liability (CGL) policies they already have.

As BIPA claims make their way through the courts, the range of potential liability under the statute has grown.

BIPA generally bars private entities from collecting, capturing, purchasing, receiving, or otherwise obtaining a person’s biometric information without obtaining that person’s advance, informed consent (see 740 ILCS 14/15(b)), and grants a private right of action to individuals who are “aggrieved” by a violation of the statute, entitling them to recover liquidated or actual damages (whichever is greater) as well as attorneys’ fees and costs (see 740 ILCS 14/20).  For negligent violations, liquidated damages are $1,000, and for intentional or reckless violations, liquidated damages are $5,000.  See id.  Claims under the statute are subject to a five-year statute of limitations.  Tims v. Black Horse Carriers, Inc., 2023 IL 127801, ¶ 37 (Feb. 2, 2023).      

In late 2022, the first BIPA case to proceed to trial, Rogers v. BNSF Railway Co., resulted in a $228 million verdict against the defendant.  That suit was brought on behalf of a class of 45,600 truck drivers whose fingerprints were scanned and stored and used for entry at BNSF’s facilities.  Rogers v. BNSF Ry. Co., No. 19 C 3083, 2023 WL 4297654, at *2 (N.D. Ill. June 30, 2023).  BNSF was found to have not obtained consent for the collection of those fingerprints.  Id.  At trial, the jury found that BNSF had recklessly or intentionally violated BIPA 45,600 times, i.e. one violation per class member.  Id. at *4.  The court multiplied the 45,600 violations by the $5,000 liquidated damages amount for reckless or intentional violations and entered judgment for the plaintiffs in the amount of $228 million.  The court subsequently denied BNSF’s motion for judgment as a matter of law that BNSF did not act intentionally or recklessly.  Id. at *6-7.  The court found that it was not “unreasonable for the jury to infer conscious disregard to utter indifference” based on evidence that BNSF continued to collect biometrics for nearly a year after it learned that doing so might violate BIPA.  Id. *7.  On June 30, 2023, the court granted BNSF’s motion for a new trial limited to damages based on a finding that the $1,000 and $5,000 liquidated damages amounts set out in the BIPA statute are discretionary caps, and damages should thus be determined by the jury.  Id. at *7-10.  While this case is still pending, it puts potential defendants on notice that their liability may not be limited to the “negligent” violation level.

The Illinois Supreme Court has also substantially expanded the range of potential liability under BIPA by holding in Cothron v. White Castle Sys., Inc., 2023 IL 128004, ¶ 1 (July 18, 2023) that a “separate claim accrues under [BIPA] each time a private entity scans or transmits an individual’s biometric identifier or information in violation of [BIPA].”  In contrast to the one-violation-per-claimant calculation applied in BNSF, each scan of the same claimant would constitute a separate violation that is potentially subject to a separate award of liquidated damages.  Id. 

While the Cothron court also recognized that damages under BIPA are discretionary rather than mandatory,  id. at ¶ 43,  its holding has an enormous impact on the potential number of violations that could be asserted against defendants.  For example, while the plaintiffs in BNSF are not being permitted to assert a one-violation-per-scan theory in their new trial because the court found that plaintiffs had not adequately disclosed that theory, plaintiffs asserted that such a theory would have raised the number of violations from 45,600 to 1,171,608.  At the $5,000 per violation level, the maximum liquidated damages would be over $5.8 billion.  In another case, the Northern District of Illinois recently certified a class that is alleging that 2,620 people who used a biometric timeclock were scanned 2,439,412 times during the class periods.  Tapia-Rendon, et al. v. United Tape & Finishing Co., et al., No. 21 C 3400, 2023 WL 5228178, at *3 (N.D. Ill. Aug. 15, 2023).  At the $5,000 per violation level, that number of violations would mean maximum liquidated damages would be over $12 billion.

It remains to be seen what level of damages will ultimately imposed for BIPA violations, but the risk faced by defendants is clearly substantial.

Continue Reading BIPA Liability: Existing CGL Coverage May Provide a Lifeline for Policyholders

We keep hearing about how difficult it is for our clients to get property insurance these days, both for homes and businesses in Northern California’s wildfire-prone areas. Which, of course, is most of Northern California.  Those who have not yet been non-renewed are dreading a potential notice on their next renewal cycle, and those who have been non-renewed or are purchasing new property are increasingly left with the FAIR Plan as the only available option. 

There is hope that things will improve. On September 21, 2023, Governor Newsom signed an Executive Order urging Commissioner Lara to take action to address the crisis in the property insurance market.[1]

Simultaneously, the Department of Insurance (“DOI”) announced proposed regulatory changes intended to curb the exodus of insurance companies from the market and provide additional options for those having difficulty finding insurance.[2] 

Continue Reading Regulatory Changes Underway To Address Dwindling California Property Insurance Market

When an insurer accepts an insured’s tender and agrees to provide a defense, it is often an afterthought as to whether the insurer can actually recoup those defense costs or indemnity payments from the insured or defense counsel if things go south. But in certain circumstances, insurance carriers can, and sometimes do, seek to recoup defense costs—and occasionally even attempt to pursue defense counsel for malpractice.

Part I of this two-part article, published by the ABA’s Insurance Coverage Litigation Committee (ICLC), addresses how and where an insurer may directly pursue malpractice claims against defense counsel. While the majority of courts that have addressed the issue allow insurers to bring claims against defense counsel, there is a split between jurisdictions over the legal bases for those claims, which can also affect the likelihood of success. The three primary vehicles, discussed below, are (1) the tripartite relationship, (2) as third-party beneficiaries, and (3) contractual or equitable subrogation.

Continue Reading When Can an Insurer Pursue a Malpractice Claim Against Defense Counsel Retained for an Insured

We recently wrote an article for Private Company Director on how disputes between shareholders may not be governed by fiduciary duties but could be covered by insurance. 

Disputes regarding ownership interests often arise in the context of closely held corporations, particularly when directors, officers, or majority shareholders sell or acquire ownership interests in the company. These individuals owe fiduciary duties to act in the best interest of the company. Many minority shareholders are surprised to learn, however, that those obligations do not extend to them when they are negotiating the purchase or sale of their interests in the enterprise. Instead, both Delaware and California have treated such transactions as arms-length negotiations, which do not give rise to any fiduciary obligation on the part of the directors, officers, or majority shareholders on the other end of those transactions. 

Even in the absence of liability, however, such disputes can be time-consuming and expensive. If the corporation carries directors and officers liability insurance, the attorney’s fees and costs might be covered under the policy. It is important for directors, officers, or majority shareholders to be aware of their rights and obligations under such policies in order to perfect their claim to coverage. We address one of the most common coverage issues that arise in disputes like this, which, if not avoided, can negatively impact available insurance.

Read the full article on our website here.

To combat a perceived litigation tactic by plaintiffs counsel of using settlement demands within policy limits to set up insurers for bad faith, insurance company associations lobbied for statutory clarification to avoid uncertainty around insurers’ duties when faced with time-limited demands.

The result was the enactment of California Code of Civil Procedure Chapter 3.2, Sections 999–999.5, titled “Time-Limited Demands,” which goes into effect Jan. 1, 2023.

Claimants’ time-limited settlement demands often seek the available policy limits and are usually referred to in the industry as “policy limits demands,” though theoretically they could be for an amount below limits. The demands must be reasonable in order to subsequently impose extracontractual liability on an insurer for bad faith failure to settle.

For certain types of claims and policies, Section 999 imposes several new criteria that a presuit demand must comply with to be considered a reasonable offer to settle within policy limits. We’ll call these “Section 999 demands.”

Continue Reading New Statute Imposes Additional Requirements for Pre-Suit Demands—and Insurers’ Responses

An insurer in Washington could not eliminate its coverage obligation based on its insured’s recovery from a third party. T-Mobile USA, Inc. v. Steadfast Ins. Co., et al., No. 82704-9-I, 2022 WL 17246715 (Wash. Ct. App., Nov. 28, 2022). And in an Illinois case, an insurer could not refuse to cover its insured simply because its insured was able to deduct part of its settlement payment (which the insurer had refused to cover) from its tax obligation. Liberty Ins. Underwriters, Inc. v. Astellas Pharma US, Inc., Circuit Court of Cook County, Illinois County Dept., Chancery Div., 2019 CH 14483 (Nov. 28, 2022). In both cases, the courts did not have any sympathy for insurers that refused to perform under their insurance policies in the first place and then tried to take advantage of their insureds’ recoveries or reductions in liabilities. And the courts were intent on holding the insurers to the plain language of the policies and the promises they had made to the insureds. Continue Reading A Promise To Pay Is Just That: Two Courts Reject Insurers’ Bids To Escape Their Coverage Obligations by Complaining About Third Party Recoveries or Reductions in Liabilities

Multi-factor authentication (MFA) is more than an annoying popup or text message when logging onto a company’s website or platform. Not only is using MFA a sound security practice and good business,[1] it is frequently becoming a prerequisite to procuring (and keeping) cyber liability coverage. Following the May 2021 Colonial Pipeline ransomware attack which shut down the country’s largest oil pipeline for several days, more cyber insurers are now requiring policyholders to implement MFA. Last month, one tech manufacturer learned this lesson the hard way when its insurer filed suit for rescission of its insurance policy and a declaration that the insurer owed no coverage for the company’s losses stemming from a ransomware attack. Travelers Property Casualty Co. of America v. International Control Services Inc., No. 22-cv-2145, complaint filed, 2022 WL 2532994 (C.D. Ill. July 6, 2022). Continue Reading Using Multi-Factor Authentication as a Prerequisite to Cyber Liability Coverage

With news of massive data breaches making headlines in recent years, the handling of personal data has become a focus for legislators and regulators around the world.  Compliance with data privacy regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) promises to be one of the major challenges for businesses going forward as violations of these regulations present the risk of substantial fines or penalties.

In order to manage that potential liability, businesses have looked to cyber insurance. However, even when cyber insurance policies expressly state that they cover fines and penalties, whether or not they actually do so depends on whether fines and penalties are ‘insurable’ under the law that governs that coverage. Some jurisdictions prohibit insurance for fines and penalties as against public policy, and if the law of such a jurisdiction is deemed to govern, then even a policy that expressly promises to provide coverage may not protect the insured. Continue Reading Maximizing Your Insurance Coverage for Data Privacy Liability

I recently wrote an article for Business Insurance on how the war exclusion will affect commercial policyholders. The war exclusion has received a lot of attention over the past year, particularly since Russia invaded Ukraine in February. Policyholders’ concern that insurers will assert the exclusion as a basis to deny coverage is increasing in light of recent coverage litigation and the potential that cyberattacks emanating from Russia would have serious financial consequences.

The war exclusion is in a moment of possible flux, as insurers consider changes that could increase its scope. A few months before Russia invaded Ukraine, the Lloyd’s Market Association introduced four model clauses designed to exclude, to a greater or lesser extent, coverage for war risks from cyber policies.

In the article, I analyze the model clauses and what might happen next. One aspect of all these exclusions that is particularly worrisome is that they would give the insurer the right to determine whether a cyber operation was “indirectly” carried out “by or on behalf of” a sovereign state. The language potentially could result in the elimination of coverage for attacks in which the victim was not the intended target and the actor merely claims to be acting for the benefit, or in support of, a state rather than being directed by the state.

You can read the full article here.