Cyber Insurance Policy

Cyber Insurance Policy Provides Coverage in Biometric Lawsuit: Cybersecurity Trends

In a Biometric Information Privacy Act (BIPA) lawsuit, a tech company found a defense in an unexpected place – its cyber insurance policy.

According to Legaltech® News (A Tech Company Found a BIPA Defense in An Unexpected Place: Its Cyber Insurance Policy, written by Isha Marathe and available here), the Illinois Appellate Court in the first judicial district recently issued an opinion in a BIPA lawsuit, Remprex, LLC v. Certain Underwriters at Lloyd’s London, finding that a cyber insurer, Lloyd’s of London, was obliged to defend its client, technology company Remprex, under its cyber policy.

The tech company accrued the BIPA violations when it fingerprinted its client, BNSF Railway Company’s employees in a third-party capacity, and allegedly, improperly collected and stored the biometric data, according to a lawsuit, Rogers v. BNSF Ry. Co., in the United States District Court for the Northern District of Illinois.


In this case, the court found that Remprex was entitled to being defended by Lloyd’s under the media material liability portion of its cyber insurance policy. The definition of “media material” was broad enough in the policy to encompass fingerprints, apparently because a fingerprint or retina scan which is turned into data can in fact still be considered a type of media, like a magazine or image.

For policyholders, the development may mean an opportunity for much-needed protection as the cost of BIPA sanctions continue to soar to surprising heights. However, for cyber insurers, already strained under the brunt of more traditional data exposures, an additional BIPA coverage obligation may not be ideal.

Insurance attorneys told Legaltech News that the court’s opinion has nuanced repercussions. While it did wedge open a small window for BIPA coverage that didn’t exist before; the facts of the case and Remprex’s cyber policy were like stars aligning, with circumstantial details that allowed for an insurance defense not easily translating over for all companies or situations.

Still, just the possibility of a cyber insurance policy covering a BIPA claim is notable in itself, they added, because it means policyholders may have leverage to negotiate BIPA-specific terms into their cyber policies.

The article has more information on BIPA claims and how insurance companies will potentially search for language that may allow broad interpretations of terms like “media material.” Check it out here.

So, what do you think? Are you surprised a cyber insurance policy was found to cover a BIPA claim? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply