Insurance Coverage For Claims Involving The Misuse Of Biometric Information

• Published date: 24 October 2022
• Subject Matter: Insurance, Privacy, Insurance Laws and Products, Privacy Protection
• Law Firm: Ervin Cohen & Jessup
• Author: Mr Peter Selvin

As the use of biometric information for verification purposes becomes widespread, employers and others should be aware of the statutes which regulate the collection, storage and dissemination of this data. In this regard, there have been several lawsuits involving the use or storage of biometric information which have resulted in multi-million dollar settlements.

The California Consumer Privacy Act (Civil Code sections 1978.100 et seq.) defines biometric information as follows:

"Biometric information" means an individual's physiological, biological, or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. Cal. Civil Code ' 1798.140(b).

While a number of states, including California, have statutes which regulate the use or storage of biometric information, only two jurisdictions allow for a private right of action. These are the Illinois Biometric Information Privacy Act (commonly referred to "BIPA") and section 22-1201-1205 of the New York City Administration Code. Most of the reported litigation around biometric information has arisen out of claimed violations of BIPA.

In this regard, civil lawsuits seeking recovery of damages and attorneys' fees typically allege that the defendant used, collected and stored its employees' biometric data without informed consent. There is often the further allegation that the employer failed to inform its employees of the specific purpose, and length of time for which their biometric identifiers or information would be collected, stored and used. See, e.g., Twin City Fire Ins. Co. v. Vonachen Services, Inc., 2021 WL 4876943 (C.D. Ill. October 19, 2021).

Companies that have been sued for alleged misuse of biometric ought to consider tendering the claim to their liability insurance companies. For example, there may be coverage under CGL Policy's "personal and advertising injury" coverage, as a typical offense is "the oral or written publication of material that violates a person's...