Privacy Risk Report

Tressler’s Privacy Practice Group brings you recent developments and insights on cyber liability, privacy and data storage.

“Publication” has always been an important consideration under the Personal Injury prong of commercial general liability policies (“CGL”). Likewise, questions related to “publication” are growing in importance in litigation involving Illinois’ Biometric Information Privacy Act (“BIPA”). For example, Illinois courts have previously found that BIPA claims involving “publication” of biometric information to a third party may trigger coverage under the “personal injury” definition of CGL policies. And now, a recent Illinois Court of Appeals decision…
In a decision last week entitled Landry’s, Inc. v. The Ins. Co. Of The State Of Pennsylvania, No. 19-20430, 2021 WL 3075937 (5th Circ., July 21, 2021), the Fifth Circuit Court of Appeals found coverage under a CGL Policy for a traditional data breach. More particularly, the Fifth Circuit held the insurer has a duty to defend Landry’s in the litigation that resulted from a breach incident involving credit card information. This case marks a…
On May 20, 2021, the Illinois Supreme Court delivered its opinion in W. Bend Mut. Ins. Co. v. Krishna Schaumburg Tan, Inc., 2021 IL 125978[1] regarding whether the claims contained in a lawsuit alleging the violation of the Biometric Information Privacy Act (“BIPA”) were covered under a business owners’ liability policy. In the underlying lawsuit, Klaudia Sekura (“Sekura”)[2] filed a class-action suit against Krishna Schaumburg Tan, Inc. (“Krishna”), a tanning salon and franchisee…
The Indiana Supreme Court became one of the first state high courts to weigh in and issue a decision on whether crime insurance provides coverage for ransomware attacks. The trial court’s ruling in favor of Continental Western Insurance Co.’s motion for summary judgment upheld the denial of G&G Oil Co.’s bid for coverage. The Supreme Court remanded the case because further fact-finding was necessary to uncover the “fraudulent” nature of the hacker’s actions. It was…
There is no question that the Illinois Biometric Information Protection Act of 2008 (“BIPA”) has given rise to a number of unique questions under both privacy law and insurance law. First, many data collectors caught in the crosshairs of BIPA are surprised to learn this law has been in effect since 2008. Further, a substantial amount of the technology that now creates BIPA issues was not invented or, at least, was not publicly available in…
Over the last couple of years, alleged privacy violations of the Illinois Biometric Information Privacy Act (“BIPA”) have flooded Illinois courts. One unique aspect of the BIPA class action cases in Illinois is seen when plaintiffs do not have to allege any actual injury or adverse effect. That is, since the Illinois Supreme Court’s decision in Rosenbach v. Six Flags Ent. Corp., 432 Ill. Dec. 654, 129 N.E.3d 197 (Ill. 2019), Illinois courts have found…
While this year has been an unpredictable year for all data collectors, it has been especially harsh for public and private schools. In addition to various obligations on all data collectors, schools hold sensitive information belonging to children that require more obligations.  Schools must balance these obligations as they lead their students and employees through online learning during 2020. That is, to continue teaching children, most schools have had no choice but to rely on third-party applications…
While data collectors had no time to prepare for employees to start working from home in early 2020, there is time to prepare for the shift back to the office. Without a doubt, many data collectors are struggling with the cybersecurity risks created by employees shifting from the office to their homes in 2020. Interestingly, despite having no time to prepare for the shift home in early 2020, we have not heard much news about breaches…
On September 18, 2020, the Illinois Court of Appeals, First District, took another shot at reconciling some of the inconsistencies in the application of Illinois’ Biometric Information Privacy Act (“BIPA”) (740 ILCS 14/1 et seq. (West 2018)) to the workplace. The interlocutory appeal in McDonald v. Symphony Bronzeville Park LLC, 2020 IL App (1st) 192398 (Sept.18, 2020), put a single issue before the First District: “Do[] the exclusivity provisions of the Workers’ Compensation Act bar…
It is difficult to believe the Illinois Biometric Information Protection Act, 740 ILCS 14, (“BIPA”) has been in effect for more than 10 years since October 3, 2008. Many data collectors are surprised BIPA has been in effect for all these years. Issues related to biometric data have only recently grown into a major concern as the equipment that collects biometric data has evolved to the point that it can be found in a number…