In May 2022, the Illinois Supreme Court heard oral arguments in Cothron v. White Castle System, Inc. — a case that will have a substantial impact on the liability for violating the Illinois Biometric Information Privacy Act (“BIPA”).  BIPA is considered to be among the most robust law in the U.S. governing biometric privacy, and Illinois is among the few jurisdictions permitting private suits for the unlawful collection, storage of such data.  Since its inception in 2008, BIPA has been the source of a flurry of lawsuits, many of which have resulted in substantial settlements.  The court is set to determine how to calculate the number of individual BIPA violations, whether damages accrue each time an employee scans her fingerprint, or whether the first recorded scan is the sole violation.  If the Illinois high court determines that damages accrue with each scan and BIPA violations are ongoing, then the potential damages for BIPA lawsuits would increase exponentially and open a flood of new claims.  Fortunately, insurance policyholders have had recent success arguing that coverage exists for BIPA violations under Commercial General Liability (“CGL”) policies.  A plaintiff-friendly ruling in the Cothron case would make the ability to recover under these policies even more important, and potentially open additional avenues for recovery.  In anticipation of this important ruling, this article provides a brief background on BIPA and summarizes the key decisions relating to insurance recovery of BIPA damages.

Continue Reading Update on Case Law Developments for BIPA Damages and Insurance Recovery for BIPA Claims

On May 7, 2021, the operator of a major pipeline system that transports fuel across the East Coast fell victim to a ransomware attack that resulted in a six-day shutdown. Over the following week, East Coast stockpiles of gasoline dropped by about 4.6 million barrels and gas prices surged to their highest levels in six and a half years. The 5,500-mile-long pipeline provides roughly 45 percent of the fuel supplies for the East Coast, representing critical infrastructure for consumers from the Gulf Coast to Linden, New Jersey. Under mounting public pressure to respond and devastating losses to the company’s operational income, the operator authorized a ransom payment of $4.4 million to hackers. On May 31, 2021, one of the world’s largest meat suppliers disclosed that it was targeted by a ransomware attack that forced the company to shut down its meat processing plants in North America. As the meat processing plants depend on automation and computers for the production process, as well as processing of orders, billing and shipping, the company had no choice but to shut down operations. The company has not disclosed if it paid a ransom as part of its efforts to get back online.

Continue Reading Cyber-Insurance Considerations for Healthcare Providers Related to Ransomware Attacks