On September 24, 2021, a federal court in North Carolina ruled that CGL insurers had no duty to defend the insured under North Carolina law for an Illinois Biometric Information Privacy Act (BIPA) class action claim. Massachusetts Bay Insurance Company et al. v. Impact Fulfillment Services, LLC, 1:20CV926, U.S. Dist. Ct., Middle District N.C. (Sept. 24, 2021) The court held that coverage was precluded by the exclusion for Recording and Distribution of Material or Information.
The insureds, Impact Fulfillment Services LLC and IFS Holdings, LLC (collectively, Impact), were sued by employees who alleged various violations of the Illinois Biometric Information Privacy Act (BIPA) arising out of Impact’s use of fingerprint scans for timekeeping purposes. The insurers denied coverage on various grounds, including the Recording and Distribution of Material or Information exclusion. The exclusion, broader than the Distribution of Material exclusion employed in older policies, prohibits coverage for “‘personal and advertising injury’ arising directly or indirectly out of any action or omission that violates or is alleged to violate:
(1) The Telephone Consumer Protection Act (TCPA), including any amendment of or addition to such law;
(2) The CAN-SPAM Act of 2003, including any amendment of or addition to such law;
(3) The Fair Credit Reporting Act (FCRA), and any amendment of or addition to such law, including the Fair and Accurate Credit Transactions Act (FACTA); or
4) Any federal, state or local statute, ordinance or regulation, other than the TCPA, CAN-SPAM Act of 2003 or FCRA and their amendments and additions, that addresses, prohibits, or limits the printing, dissemination, disposal, collecting, recording, sending, transmitting, communicating or distribution of material or information.
Spoiler alert – the catch-all provision under subparagraph (4) is key.
Looking to other federal court decisions (full disclosure: one of the authors litigated the Urban Outfitters decision cited by the court), the court agreed that the exclusion had a broad scope to prohibit coverage for privacy-related statutes. Focusing on the broad language of the catch-all provision, the court stated that “[t]his exclusion, like the exclusions in Greve and Urban Outfitters, applies to any statute that prohibits or limits ‘the printing, dissemination, disposal, collecting, recording, sending, transmitting, communicating or distribution of material or information.’” The scope of the catch-all, according to the court was “consonant” with BIPA claims:
BIPA regulates the retention, collection, disclosure, and destruction of biometric identifiers or biometric information. 740 Ill. Comp. Stat. 14/15. The language of the exclusion in this case, which bars the “collect[ion]” and “dissemination” of information, is consonant with BIPA’s prohibition against collection and disclosure of biometric identifiers and biometric information.
In addition, the court held that “BIPA is of the same kind, character and nature as the enumerated statutes” to warrant application of the exclusion, thereby rejecting Impact’s attempt to narrow the exclusion based on the specific focus of each enumerated statute in the catch-all paragraph. Again, looking to the same federal court decisions, the court observed that those decisions opined that the primary purposes of statutes like the TCPA and FCRA were to protect consumer privacy. Thus, because those decisions applied the exclusion to statutes protecting consumer privacy, and because BIPA’s purpose also is to protect consumer privacy, the exclusion applies to BIPA claims. The court explained:
This indicates the main purpose of this exclusion is to exclude from coverage statutes that protect and govern privacy interests in personal information. Like those statutes, BIPA protects and governs a person’s privacy interest in their biometric information. 740 Ill. Comp. Stat. 14/15.
“Applying the principles of ejusdem generis, because BIPA is of the same kind, character and nature as the listed statutes, this court finds that the Recording and Distribution of Material or Information Exclusion applies.”
What this Case Means: This decision makes clear that West Bend is not the end all and be all when evaluating coverage for BIPA claims. This case highlights the relatively narrow scope of the exclusion at issue in West Bend and demonstrates that, as always, the precise terms of the policy at issue should be carefully considered in connection with any BIPA claim.
Of critical note, the Impact court rejected the approach adopted in West Bend to view TCPA as a statute that merely regulates phone calls and facsimiles, and instead saw TCPA and the other statutes enumerated in the exclusion for what they are: laws enacted to protect consumer privacy. The court said:
Contrary to Defendant’s assertion the TCPA is intended to regulate unwanted telephone communications, (Defs.’ Resp. (Doc. 32) at 13), case law reflects the TCPA is more broadly intended to protect privacy. [Citing cases.]
Labelling the TCPA for what it clearly is – a statute enacted to protect consumer privacy interests – combined with federal courts around the country applying the exclusion to other privacy statutes led the court to the only logical conclusion: “This indicates the main purpose of this exclusion is to exclude from coverage statutes that protect and govern privacy interests in personal information.”
Although several other exclusions also were raised in the opinion, analysis of their application was rendered moot by the court’s decision and thus not addressed.
Since the Illinois Supreme Court’s decision in West Bend, policyholder attorneys have been declaring that the BIPA coverage fight is over. The Impact decision illustrates what other coverage attorneys have been saying all summer; the debate over whether BIPA is covered under a CGL Policy has only just begun.