November 22, 2021

EPL Policy Triggers Duty to Defend Employment-Related Biometric Information Privacy Act Claims

For the last several years, the plaintiff’s bar has been bombarding companies doing business in Illinois with class action claims under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq. Generally speaking, BIPA imposes certain notice, consent and other obligations on entities that collect biometrics in Illinois. Many of these cases are premised on employees’ use of so-called biometric timeclocks that purportedly scan employees’ fingerprints for timekeeping purposes. 

This spate of BIPA class action lawsuits, in turn, has spawned derivative disputes over the scope of insurance coverage for such claims. Recently, an Illinois federal court concluded that an insurer has a duty to defend such claims under its employment practices liability (EPL) policy.

In Twin City Fire Insurance Co. v. Vonachen Services, Inc. et al., the insured was alleged to have violated BIPA in connection with its purported fingerprint-based employee timekeeping system. The insurer filed a declaratory judgment action contending that it owed no insurance obligations for these BIPA claims. On cross-motions for summary judgment, the United Stated States District Court for the Central District of Illinois found a duty to defend under the applicable EPL policy.

In particular, the employer’s EPL policy provided coverage for an “Employment Practices Wrongful Act,” which included an employee’s claim for “breach of any oral, written, or implied employment contract, including, without limitation, any obligation arising from a personnel manual, employee handbook, or policy statement.” The employer-insured’s handbook required employees to use the designated timekeeping system or face discipline up to and including termination. The handbook also provided that the employer-insured “will comply with all applicable laws and regulations.” 

Thus, according to the court, the alleged BIPA violations — stemming from the insured’s mandating use of an alleged fingerprint-based timekeeping system — triggered the insurer’s duty to defend. Moreover, the EPL policy also covered an “employment-related invasion of privacy,” which the court found to be an “integral part” of the alleged breach of an employee handbook. Note, however, the court did not find the parties’ Directors, Officers and Entity Liability Coverage (D&O) policy applied to the BIPA dispute, and it also tabled the issue of a duty to indemnify (separate and apart from the duty to defend).

Whether other courts will find a duty to defend employment-related BIPA claims under an EPL policy remains to be seen, but this recent decision suggests that insurers and insureds alike should review their existing policies to assess the potential for coverage as BIPA lawsuits continue to be filed at a blistering pace.

The Faegre Baker Daniels website uses cookies to make your browsing experience as useful as possible. In order to have the full site experience, keep cookies enabled on your web browser. By browsing our site with cookies enabled, you are agreeing to their use. Review Faegre Baker Daniels' cookies information for more details.