Since Illinois passed its Biometric Information Privacy Act (BIPA) in 2008, there has been a proliferation of class action lawsuits filed pursuant to the statute. BIPA generally bars private entities from collecting, capturing, purchasing, receiving, or otherwise obtaining a person’s biometric information without obtaining that person’s advance, informed consent (see 740 ILCS 14/15(b)), and grants a private right of action to individuals who are “aggrieved” by a violation of the statute, entitling them to recover liquidated or actual damages as well as attorneys’ fees and costs (see 740 ILCS 14/20).

The Illinois courts are sorting out the question of the availability of insurance coverage for such BIPA suits under Commercial General Liability (CGL) policies. Of course, the standard CGL definition of covered “personal and advertising injury” includes “oral or written publication of material that violates a person’s right of privacy.” In May of 2021, an Illinois Supreme Court case, West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan, Inc., 183 N.E.3d 47 (2021), addressed the threshold question of whether BIPA claims fall within this basic definition. The court agreed that the gravamen of such claims is invasion of privacy, and that the purpose of the statute is to prevent such invasions. Krishna also rejected the insurer’s argument that the policyholder’s alleged conduct did not constitute an “oral or written publication” because biometric data was merely collected and given to a single third party (a service provider for the policyholder). The court ruled that even providing the information to one other party is a “publication”; the dissemination need not be widespread. Continue Reading Illinois Courts Largely Favor Coverage for BIPA Cases Under CGL Policies

The “war” exclusion has gotten more attention over the past couple of weeks in light of Russia’s invasion of Ukraine. For good reason. This exclusion, common in property and liability policies alike, typically eliminates coverage for losses caused by “hostile or warlike action” from a nation-state or its agencies, or by military forces. Insurers have recently invoked this exclusion in an attempt to avoid providing coverage for losses arising from Russia’s 2017 “NotPetya” cyberattack against Ukraine, which spread beyond Ukraine’s borders and caused widespread damage to computer systems, including hardware, at a number of companies around the world.

A New Jersey court recently rejected an insurer’s reliance on a “war” exclusion in a property insurance policy, under which the insured had sought coverage for losses caused by the NotPetya cyberattack. See Merck Co. Inc. et al. v. ACE American Insurance Co. et al., Case number UNN L 002682-18, in the Union County Superior Court of New Jersey. Continue Reading The War Exclusion in a Time of War

Corporate policyholders often assume their computer fraud crime insurance will cover so-called social engineering thefts. Reasonably so.  Fraudsters commit these crimes by using computers to trick innocent employees into transferring corporate funds to what they believe are legitimate bank accounts, only to discover later that the accounts are controlled by criminals who have stolen the money. Although most people would consider this to be computer fraud, crime insurers have resisted covering such thefts. And some courts have sided with the insurers. Until recently, insurers could point to the Ninth Circuit Court of Appeals as being one of those courts. On January 26, the Ninth Circuit finally set the record straight in Ernst and Haas Management Company, Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022), by repudiating a prior unpublished ruling and finding coverage for a social engineering theft under California law. This ruling gives policyholders a boost in their crime coverage claims for social engineering theft losses and removes a cudgel from the insurers’ hands. Continue Reading Crime Insurance for Social Engineering Thefts: The Ninth Circuit Finally Joins the Party

In Verizon Communications Inc. v. National Union Fire Insurance Co. of Pittsburgh, Pa.[1] the Delaware Superior Court ruled that Verizon was entitled to a defense under its D&O policy for fraudulent transfer claims. Although the decision relies on unique facts and specific policy language, it provides guidance on how to exploit minor but critical differences in policy language to expand the company’s coverage beyond claims involving securities fraud.

The opinion also rejected the insurers’ efforts to limit coverage under a separate policy, based on their contention that the subsidiary out of which the liabilities arose was not a subsidiary when the policy was purchased. And finally, it handed policyholders a practical and valuable gift of universal application, holding that an insurer who wrongfully refuses to defend a claim cannot contest the reasonableness of the fees incurred by the policyholder to defend the case.

Whether or not it is successfully challenged on appeal, the Verizon decision is an important reminder not to make assumptions as to what is or isn’t covered under any type of insurance policy. Coverage depends on the particular language of the policy under review and the particular facts for which claims are sought. Continue Reading In Verizon Decision Careful Review of Insurance Policies Expands Coverage

Two phrases combined in a single exclusion—“alleging, arising out of, based upon or attributable to any violation of any law…” and “as respects… unfair trade practices” could inspire carriers to make trouble for policyholders seeking coverage for consumer protection claims. Fortunately, a recent federal decision recognizes that California rules of policy construction limit the scope of this exclusion, in line with a policyholder’s reasonable expectations of coverage. Continue Reading “Unfair Trade Practices” Exclusion Does Not Extend to Consumer Protection Claims

Unfortunately, we again write while wildfire is devouring homes and businesses in Napa and Sonoma, and threatening many more. We’ve previously posted tips about first steps that you should take in the event your business has suffered a fire loss. We want to provide this refresher, as prompt action is important to preserve your business’ rights under its insurance policies and to maximize its ultimate insurance recovery. If your business has sustained a fire loss, below are steps for you to take in working with your insurers to ensure that you receive the maximum benefits under any applicable insurance policies. Continue Reading Maximizing Business Insurance Coverage Benefits After a Fire

Though much of the conversation regarding insurance coverage for COVID-19-related losses has focused on the potential for business interruption-type coverage (see prior discussion here), insureds should not overlook the potential that COVID risks trigger other types of coverage. For example, as previously discussed here, some insureds may seek coverage under D&O policies should they face securities and derivative-type claims.

In addition to the forms of coverage we’ve previously blogged about, businesses who have continued operations during the pandemic as well as those considering whether, when, and how to reopen their businesses in the coming weeks and months should consider whether they will be able to access coverage under their GL policies for some COVID-related claims. For example, companies that continue or restart operations in some form during the pandemic may anticipate claims from individuals who allegedly contracted the virus while interacting with that company’s employees or independent contractors. While those claims will likely face significant causation issues (will plaintiffs be able to substantiate transmission from a particular source though some combination of location tracking data and genetic testing of the virus?), these kinds of claims can be costly to defend and may create significant risks for certain businesses. Continue Reading COVID-19 Exposure and GL Coverage: Issues for Personal Injury Claims

Over the last few weeks we have seen a number of informative articles discussing the crucial issue of coverage for business interruption claims arising out of government shutdowns of businesses to inhibit the spread of COVID-19, here. As the economic disruption from these efforts continues, however, we are likely to see impacts in the Directors & Officers Liability market – not only from claims that trigger D&O policies, but also additional challenges in placements and renewals of D&O programs. Continue Reading Directors & Officers Liability Issues and the Coronavirus: Is That a “Thing”?

The coronavirus (COVID-19) has already caused severe disruption to the economy. In the U.S., governmental entities as well as the private sector are implementing more and more drastic measures to respond to the coronavirus.  While these efforts may be wise in light of the substantial public health concerns, they threaten to bring parts of the economy to a virtual halt, adversely impacting most every business and resulting in substantial losses.  The Organization for Economic Cooperation and Development estimates that if the coronavirus continues to spread more widely, it could cut global growth in 2020 by half.

Business Interruption

As a company determines the impact of the coronavirus on its business, it should assess the business interruption coverage available under its commercial property (or “first-party”) insurance policies.  Continue Reading Business Interruption Coverage for the Coronavirus (COVID-19)

The cyber insurance markets are beginning to adapt to the new California Consumer Privacy Act (CCPA) which went into effect on January 1, 2020.

There is great variation in how cyber insurance policies currently address risks under the CCPA. And further developments are expected as the law begins to impact companies under its jurisdiction—that is, companies that, regardless of their location, are for-profit, collect data from California residents, and either have annual revenue of at least $25 million; or collect, store and/or save the data of at least 50,000 California data subjects; or realize at least half of their revenue from the sale of data.

It is critical that companies subject to the CCPA understand the nuances of cyber insurance policies, and how they may be able to negotiate favorable coverage terms when they buy or renew them this year.

I dive into the CCPA’s impact on insurance policies in an article I co-authored with my Farella colleagues Sushila Chanana and Nate Garhart for TAG Cyber Law Journal. Read the full article, here.