The Illinois Supreme Court recently sided with an insured seeking to defend himself against his insurer in a lawsuit brought by a client of a tanning salon alleging that the insured had unlawfully disclosed the customer’s biometric information to a third party.
In the written opinion in West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan Inc., Judge P. Scott Neville Jr. explained that Krishna Schaumburg Tan Inc. (Krishna), a tanning salon and franchisee in LA Tan, was sued by client Klaudia Sekura who claimed that Krishna had violated the provisions of the Illinois Biometric Information Privacy Act (law), which “regulates the collection, retention, disclosure and destruction of identifiers and biometric information.”
Illinois enacted the law in 2008; it recognizes the uniqueness of biometric identifiers such as retina or iris scans, fingerprints, voice prints, palm prints and facial geometry. It requires private entities to publicly disclose their policies regarding biometric information and to obtain the consent of individuals for the use of such information. In January 2020, Facebook agreed to pay $ 550 million to Illinois users of the social media site who alleged in a class action lawsuit that Facebook’s facial recognition feature violated their privacy under US law. ‘Illinois.
Krishna had collected the fingerprints of Sekura and other clients. Sekura’s lawsuit alleged that Krishna violated the law by disclosing “biometric information containing his fingerprints” to an out-of-state third-party provider, SunLync “” without his permission. Krishna filed a claim with his insurer, West Bend Mutual Insurance Co. (West Bend), asking for a defense. “West Bend filed a declaratory judgment action against Krishna and Sekura, claiming that he had no duty to defend Krishna against Sekura’s lawsuit,” Neville wrote.
Krishna filed a counterclaim for summary judgment, which Sekura joined in seeking “alternative relief”. The trial and appellate courts concluded that West Bend had a duty to defend Krishna. The insurer appealed to the Illinois Supreme Court, which supported the lower court decisions.
Secura filed a class action lawsuit that included other clients affected by Krishna’s alleged actions. In a three-part complaint, Secura alleged that Krishna: (1) collected and disclosed customer biometric information without first obtaining written permission; (2) enriched himself unjustly by failing to comply with the law; and (3) was negligent “in breach of his duty of due diligence by violating the Act”.
Sekura demanded reimbursement of the money paid for Krishna’s services and $ 1,000 in legal damages for each of Krishna’s alleged violations.
Krishna had purchased two business owners’ liability insurance policies in West Bend; the first was in effect from December 1, 2014 to December 1, 2015, and the second was in effect from December 1, 2015 to December 1, 2016.
In his request for a declaratory judgment, West Bend asserted that the claim against Krishna did not fall within the scope of the policies for bodily injury or injury caused by advertising, and that otherwise violations of the exclusions. laws in the policies prevent the insurer from coverage.
West Bend also argued that the personal and / or publicity harm alleged in the complaint does not trigger coverage under the policies, as it contends that the information was disclosed to only one party (SunLync). Such a disclosure could not be considered publication of the information, argued West Bend.
West Bend also “maintained that the violation of the policy exclusion rule applies and prohibits Krishna from covering the Sekura trial because Sekura’s claims clearly fall within the violation of the policy exclusion”, states the court’s opinion.
West Bend policies did not define the term “publication,” the court noted. However, in its documents, the insurer argued that West Bend “the ‘publication’ refers to the communication or distribution of information to the public.”
Since the term “publication” was not defined in the policies, the court considered dictionary definitions of the term, as well as those from insurance law, privacy treaties and the common law. , concluding that in all cases “publication” can mean “both communication to a single party and communication to the general public. Thus, the court considered that the term “publication” in the West Bend policies was ambiguous and should be interpreted against the insurer who drafted the policy.
The “right to privacy” was also not defined in West Bend’s policies, the court found. However, the right to privacy has been recognized by the courts as including “the primary interests of privacy: seclusion and secrecy,” the opinion says.
Illinois law “protects a secret interest – here an individual’s right to keep personal identifying information such as fingerprints secret.” Therefore, the notice states, “Sekura’s claim that Krishna shared his credentials and biometric information with SunLync alleges a potential violation of Sekura’s right to privacy under West Bend policies.
The court also challenged West Bend’s assertion that the violation of the statute exclusion applies in the case against Krishna. He noted that the Court of Appeals, when reviewing West Bend’s policies, had “found that the exclusion of violation of laws was intended to prohibit coverage of violation of” laws which govern certain methods of communication. , namely e-mail, fax and phone calls “,” but not to “other laws which restrict the sending or sharing of certain information”, such as the Illinois Biometric Act .
The court ultimately concluded that the allegations in Sekura’s complaint fell or potentially were covered by the coverage provided by West Bend’s policies and that “the violation of the exclusion of laws in West Bend’s policies does not apply.” not to the law ”.
He upheld lower court judgments that “West Bend has a duty to defend Krishna in Sekura’s trial”.
Illinois Privacy Carriers