Following the Illinois Supreme Court’s 2021 ruling in West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan, Inc., 2021 IL 125978, which we covered in detail, a Chicago-based federal court recently handed another insurance coverage victory to businesses facing class actions under the Illinois Biometric Information Privacy Act (BIPA). The U.S. District Court for the Northern District of Illinois found that a general liability (GL) insurer had to defend its policyholders against two class action lawsuits alleging that the policyholders were selling biometric data in violation of BIPA and common law rights.
Continue Reading Illinois Court Builds on 2021 State Supreme Court Ruling to Find Further General Liability Insurance Coverage for Biometric Information Privacy Act (BIPA) Class Actions

Businesses operating in Illinois have faced thousands of lawsuits arising under the Illinois Biometric Information Privacy Act (BIPA), leading to hundreds of cases and related insurance claims. Insurance companies have aggressively denied coverage for these claims and filed litigation seeking court approval of their denials, forcing policyholders into a two-front legal war. Recently, the Illinois Supreme Court granted a major victory for businesses facing BIPA lawsuits, holding that a BIPA lawsuit alleging a wrongful sharing of biometric information fell within standard “personal or advertising injury” coverage in a commercial general liability policy and was not excluded.
Continue Reading Illinois Supreme Court Affirms BIPA Lawsuits Are Covered by GL Policies

In 1964, futurist Arthur C. Clarke predicted that in 50 years, people “will no longer commute—they will communicate.” For a significant portion of the American workforce, the future is now. COVID-19 has fundamentally changed how we communicate: The virtual meeting is suddenly our primary means of interaction with coworkers. Video conferencing platforms like Zoom, Microsoft

Insurance coverage lawyers and commentators have drawn considerable attention to state and federal data protection statutes in recent years. E.g., Freya K. Bowen, “Beyond GDPR: Insurance Coverage for Emerging Cybersecurity and Privacy Regulatory Exposure,” Perkins Coie Tech Risk Report (April 10, 2019), available here. Statutes governing the collection and use of biometric data have received much less attention, even though several states have passed such statutes and other states presently have some version under consideration. As previously noted in this blog, Jim Davis, “Biometrics Liability on the Rise: Are you Covered?” Perkins Coie Tech Risk Report (May 8, 2019), available here, these statutes apply to data as diverse as fingerscans DNA swabs, and even, potentially, facial recognition scans. Companies may be subject to regulatory actions or private litigation for violations, and, naturally, may seek insurance coverage for the resulting exposure. Some of these insurance claims will be subject to the same issues arising with claims relating to other data protection or privacy statutes, while other claims will raise specific insurance concerns unique to biometric data. Although these statutes are quite new, several recent cases help give policyholders a good indication of where the key risks may lie. Policyholders with exposure to these statutes should ensure that the appropriate insurance coverage is in place. 
Continue Reading Employee Biometric Data: Are You Covered for Collecting or Using It?

Data breaches are up significantly in 2019, exposing billions of confidential records and costing companies millions of dollars on average per breach. Security experts counsel their clients that data breaches are inevitable as even the largest, most secure systems may be breached. In spite of this environment, many tech companies are woefully unprepared to respond to a cyber intrusion, data breach, or other cyber-related event. Are you ready?

As insurance coverage lawyers, we often work with clients to confront this organization-wide challenge after a breach has occurred. The better approach, however, is to prepare in advance by understanding your risks, building a team, securing and monitoring your data, having a well developed and rehearsed response plan, and tailoring your insurance program to a possible breach. Additionally, having counsel involved throughout the preparation and response process is critical to protect privilege, minimize legal liability, and maximize insurance coverage. 
Continue Reading Preparing for Data Breaches: Data Mapping, Response Team and Insurance

Directors & Officers liability insurance—commonly known simply as D&O insurance—is meant to protect corporate directors and officers from, among other things, claims alleging breaches of duty and management failings that adversely affect the value of the company’s stock. And any event in which directors or officers are deemed to have had an oversight function could ultimately result in a claim that floats up to the director- or officer-level if the company’s stock suffers. 
Continue Reading D&O Coverage for Tech Risks – Don’t Let the “Invasion of Privacy” and “Professional Services” Exclusions Take You by Surprise

Biometric Privacy Lawsuits

In early 2019, the Illinois Supreme Court opened the floodgates for advancing private causes of action under the state’s 2008 Biometric Information Privacy Act (“BIPA”), 740 ILCS 14 et seq. In Rosenbach v. Six Flags, the Court found that no proof of actual injury or damage beyond technical infringement was necessary to state a claim under the BIPA. Now, Illinois courts are seeing a wave of BIPA class action lawsuits, even though the Six Flags case merely concluded that a biometric plaintiff had standing to sue and did not resolve the legal requirements necessary to prove a negligent or intentional violation of BIPA.
Continue Reading Biometrics Liability on the Rise: Are you Covered?

Social engineering and electronic impersonation scams have increased in recent years, as have cases involving resulting claims for insurance coverage. Claims typically involve the impersonation of a company executive, employee, or client and a fraudulent electronic communication directing an employee of the policyholder to transfer funds to another account. As outlined in our update of November 8, 2017, courts differ significantly as to whether or not this situation triggers coverage under a standard crime policy or fidelity bond. For example, some courts have held that the scheme does not produce a loss “resulting directly” from the “use of a computer” as required for certain “computer fraud” coverage. E.g., Apache Corp. v. Great Am. Ins. Co., 662 Fed. Appx. 252, 258 (5th Cir. 2016); Incomm Holdings, Inc. v. Great Am. Ins. Co., No. 1:15-cv-2671-WSD, 2017 WL 1021749, at *8-*10 (N.D. Ga. Mar. 16, 2017). Other courts have reached the opposite conclusion and found coverage. E.g., Principle Solutions Grp., LLC v. Ironshore Indem., Inc., No. 1:15-CV-4130-RWS, 2016 WL 4618761, at *2, *5 (N.D. Ga. Aug. 30, 2016).

Continue Reading False Pretense Exclusion No Bar to Coverage of Fraudulent Impersonation Scams

The European Union’s Global Data Protection Regulation (GDPR) took effect on May 25, 2018, and drastically expanded the compliance obligations of companies involved in the collection, use, and management of any European Union citizens’ data. The GDPR imposes a strict regulatory scheme with steep penalties for non-compliance, with maximum fines set at the greater of 20 million Euros or 4% of a company’s annual worldwide revenue. GDPR Art. 83, § 5. Please refer to Perkins Coie’s GDPR Resources for a more comprehensive overview.
Continue Reading Will Your Cyber Policy Provide Coverage for GDPR Violations?

Welcome to The Perkins Coie Tech Risk Report, a source for updates on, and analysis and interpretation of, insurance issues relevant to emerging technologies. We will address coverage issues related to cyber coverage, privacy, digital assets like cryptocurrency, Blockchain and other emerging technologies. The blog is written for start-ups and other companies dealing with emerging