Assume that your business is sued for multiple claims including negligence, defamation, and fraud arising out of the same event. Most likely, your business has a commercial general liability policy of insurance that provides coverage for negligence claims, but not intentional torts. What protections does that policy actually provide?
Although intentional acts are typically excluded from insurance policies, your business’s insurer would have a “duty to defend” your business from the negligent and intentional acts in this hypothetical. This means that the insurance company must appoint an attorney for your business at the insurer’s expense (less any applicable deductible) to defend the suit. Although a duty to defend may exist, the insurer ultimately might not be required to pay (indemnify) your business if the plaintiff were to recover a money judgment against the business for those claims based on the intentional acts. This is because Illinois law is clear that an insurer’s duty to defend its insured is broader than the duty to indemnify the insured.
As for the duty to defend, if the facts alleged in the underlying complaint fall within, or potentially within, the policy’s coverage, the insurer’s duty to defend is triggered. The insurer’s duty to defend is triggered even if the allegations in the complaint are groundless, false, or fraudulent, and even if only one of several of the plaintiff’s theories is within the potential coverage of the policy. In the hypothetical lawsuit, even if some of the claims alleged against your business ultimately are not covered, the insurer likely has a duty to defend against both the covered and uncovered claims. However, the duty to indemnify only arises if the insured has a judgment against it on an underlying claim and that the insured’s activity is covered by the policy. Thus, if judgment is entered against the business on an uncovered claim, the insurer will not have a duty to pay that judgment entered against your business even though its appointed attorney defended the claim.
Having an experienced attorney evaluate your business’s insurance policy for coverage is critical. For more information regarding these or similar issues, please contact Roenan Patt at email@example.com or (312) 368-0100.
In order to increase productivity and efficiency, businesses are increasingly using biometric data to identify employees, customers and other individuals. For example, some employers use biometric data to identify their employees and track work hours for purposes of compensation. Biometric information includes fingerprints, retina scans, facial scans, hand scans, or other identifiers that are biologically unique to a particular person. While convenient, and seemingly secure, such biometric identification methods raise serious privacy concerns. The Illinois Biometric Information Privacy Act, 740 ILCS 14, et seq. (“BIPA”), imposes many requirements concerning the collection, use, storage, and destruction of biometric information with which businesses, including employers, must comply, or risk liability.
Under BIPA, before an Illinois business collects, stores, or uses biometric identifiers, it must develop a written policy and make the policy available to the public. The policy must include a retention schedule describing how long such data will be stored, and provide guidelines for its destruction when the reason for the original collection of the data no longer exists, such as when an employee resigns. Additionally, Illinois businesses must describe and adhere to a destruction schedule for biometric information that it is no longer using. If no schedule is provided, then BIPA requires that a business destroy such information within three years of the individual’s last interaction with the business.
In addition to the required written policy, Illinois businesses must obtain consent and a written release from an individual prior to collecting biometric information. BIPA is currently one of the strictest state statutes regarding the collection, retention, storage and use of biometric information. Before biometric information may be collected, all Illinois private entities must (1) inform the individual in writing that a biometric identifier is being collected or stored, (2) inform the individual in writing of the specific purpose and length of time for which the biometric identifier is being collected, stored and used, and (3) receive a written release executed by the individual assenting to the collection, storage and use of a biometric identifier. Absent a court order or law enforcement directive, businesses may not share biometric information without express consent from the individual.
Illinois businesses that utilize biometric identifiers but do not comply with BIPA may face severe consequences. BIPA provides that individuals may bring an action against a business that negligently or intentionally violates a provision of BIPA. If the claim is for negligence, the business may be liable for damages up to $1,000 per violation, and if the claim is for an intentional violation of BIPA, the business may be liable for damages up to $5,000 per violation. Damages in either category may be higher if actual damages exceed these numbers. An aggrieved party may also receive attorneys’ fees and costs, an injunction, and other relief.
Recently, privacy-related claims are on the rise as a result of BIPA. Since mid-2017, over 25 lawsuits have been filed in Illinois alleging violations of BIPA. The majority of the cases are class action lawsuits by employees claiming violations of BIPA relating to employee time clock technology that uses an employee’s fingerprint as a means of identification. Time will only tell whether employers will spend the additional resources necessary to comply with BIPA, or choose to avoid the use of biometric identifiers and information altogether.
For more information regarding BIPA compliance and other privacy issues, please contact:
(312) 368-0100 or firstname.lastname@example.org.