: The court found that BIPA violations fall under the policy’s "personal injury" provision, which covers injuries arising from the "publication" of material that violates a person's right of privacy .
: The court ruled that sharing biometric data with even a single third-party vendor —in this case, the salon's fingerprint system provider—constituted a "publication". 125978
: West Bend argued that a "violation of statutes" exclusion barred coverage. However, the court ruled this exclusion only applied to statutes governing methods of communication (like the TCPA or CAN-SPAM Act), not privacy laws like BIPA. 📈 Why This Matters for Businesses : The court found that BIPA violations fall
The case began when a customer filed a class-action lawsuit against a tanning salon, , alleging the salon collected fingerprints without providing the proper written disclosures required by BIPA. However, the court ruled this exclusion only applied
This decision was a major victory for policyholders, often referred to as a win for —situations where traditional policies end up covering cyber-related risks because they aren't explicitly excluded.
Did policy exclusions for "statutory violations" apply to BIPA? 🛡️ Key Rulings from the Court
Krishna sought a legal defense from its insurer, , under its commercial general liability (CGL) policy. West Bend refused, sparking a legal battle over two main questions: Did a BIPA violation count as a "personal injury"?