595 F.Supp.3d 677
N.D. Ill.2022Background
- Thermoflex Waukegan purchased commercial general liability (CGL) policies from Mitsui Sumitomo and sought defense/indemnity after a former worker, Gregory Gates, sued under the Illinois Biometric Information Privacy Act (BIPA) for requiring handprint scans and allegedly transmitting that data to a third-party vendor without consent.
- Gates’ state-court complaint alleges disclosure and other BIPA violations based on Thermoflex’s collection, use, retention, and sharing of biometric identifiers.
- Mitsui agreed CGL policies cover "personal and advertising injury" but denied coverage, citing several exclusions in the CGL policies (notably the "Access or Disclosure of Confidential or Personal Information" exclusion).
- The parties cross-moved for summary judgment on Mitsui’s duty to defend and indemnify under the CGL policies; excess/umbrella policies were reserved for further briefing.
- The court applied Illinois law, found the policy language unambiguous, and concluded the Access/Disclosure exclusion precludes coverage for the Gates lawsuit, granting Mitsui’s motion and denying Thermoflex’s as to the CGL policies.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Does Mitsui owe a duty to defend Thermoflex against the BIPA suit? | Gates’ allegations trigger "personal and advertising injury" coverage, so Mitsui must defend. | Even if coverage is triggered, an exclusion (Access/Disclosure) bars any duty to defend. | Held: No duty to defend under the CGL policies because the Access/Disclosure exclusion applies. |
| Whether the Access/Disclosure exclusion covers biometric information (hand scans) | BIPA distinguishes biometric identifiers from other "confidential and sensitive information," so the exclusion should not encompass biometric data. | The exclusion covers "any access to or disclosure of any person's ... personal information," and biometric data is plainly personal/nonpublic information. | Held: Exclusion unambiguous and covers biometric information; BIPA definitions do not prevent exclusion’s plain meaning. |
| Whether interpretive canons (ejusdem generis / noscitur a sociis) limit the listed examples in the exclusion | The list following "including" narrows the preceding broad language; biometric data dissimilar from items listed. | The list is illustrative, not exhaustive; the broad term "any" controls; ejusdem generis does not apply to unambiguous language or dissimilar items. | Held: The exclusion’s plain language governs; ejusdem generis inapplicable; biometric data falls within the exclusion. |
| Does applying the exclusion render the policy’s coverage illusory ( swallow other coverage )? | Excluding access/disclosure of personal info would eviscerate the personal and advertising injury coverage. | The policy still covers other types of personal and advertising injury (e.g., false light, defamation), so coverage is not illusory. | Held: Exclusion does not make coverage illusory; other covered claims remain outside the exclusion. |
Key Cases Cited
- Mashallah, Inc. v. W. Bend Mut. Ins. Co., 20 F.4th 311 (7th Cir. 2021) (insurance-policy interpretation governed by contract principles)
- Outboard Marine Corp. v. Liberty Mut. Ins. Co., 607 N.E.2d 1204 (Ill. 1992) (insurer’s duty to defend is broader than duty to indemnify)
- Scottsdale Ins. Co. v. Columbia Ins. Grp., Inc., 972 F.3d 915 (7th Cir. 2020) (goal of policy interpretation is to effectuate parties’ intent from policy language)
- Sanders v. Ill. Union Ins. Co., 157 N.E.3d 463 (Ill. 2019) (clear and unambiguous policy language is given its plain meaning)
- Fox v. Dakkota Integrated Sys., LLC, 980 F.3d 1146 (7th Cir. 2020) (characterizing biometric invasions of privacy under BIPA as significant and permanent)