IN THE NATIONAL FIRE INSURANCE COMPANY OF HARTFORD & CONTINENTAL INSURANCE COMPANY, Plaintiffs-Appellees, v. VISUAL PAK COMPANY, INC. & LUIS SANCHEZ, Individually & on Behalf of All Others Similarly Situated, Defendants-Appellants., 2023 IL App (1st) 221160, the Court of Appeal found no coverage for a TCPA claim brought against an insured.

In this insurance coverage dispute, plaintiffs National Fire Insurance Company of Hartford and Continental Insurance Company filed suit for a declaration that they did not owe a duty to defend or indemnify defendant Visual Pak Company in an underlying lawsuit. Plaintiffs moved for judgment on the pleadings, claiming that various exclusions in their policies barred coverage in that underlying suit. The trial court initially disagreed, finding that the insurers were estopped from asserting defenses within the policy. On reconsideration, the trial court reversed itself, ruling that a particular exclusion in the policy barred coverage, and because plaintiff had no duty to defend, the question of estoppel was moot.  We affirm the circuit court’s judgment. The trial court correctly reconsidered its initial, erroneous ruling and reversed course. Plaintiffs owed Visual Pak no duty to defend under the terms of their policies. In reaching this conclusion, we are mindful of a recent decision from the United States Court of Appeals for the Seventh Circuit, which reached the opposite conclusion under Illinois law. Though we do not do so lightly, we believe that this federal decision was wrongly decided and decline to follow it.

The facts were as follows:

A staffing and temporary employment agency named Elite Staffing provided staffing services to Visual Pak. When Elite staffed an employee at Visual Pak, the employee was required to enroll in an employee database using a fingerprint scan. Visual Pak and Elite used the employee database to “monitor the time worked by each of the hourly workers at Visual Pak.” The data collected by Visual Pak was transferred to Elite for payroll purposes.  Luis Sanchez was one such employee; he worked for Visual Pak (via Elite Staffing) as a warehouse worker from February through April 2016. Sanchez was required to scan his fingerprint at the beginning and end of each workday. According to the amended complaint, Visual Pak “collected, stored, used, or disseminated” Sanchez’s fingerprints without his consent and without any policies in place regarding the retention and deletion of his fingerprints from the database. Visual Pak failed to inform him of how his biometric information would be used. Nor did Visual Pak provide him with a release for the use of his biometric information.   This, Sanchez alleged, was a violation of the Biometric Information Privacy Act, or “BIPA.” See 740 ILCS 14/15 (West 2016). He filed this BIPA suit on February 28, 2018.  In that suit, Sanchez sought a declaratory judgment that Visual Pak violated BIPA. The amended complaint sought certification of a class. Sanchez also prayed for injunctive and equitable relief requiring Visual Pak’s compliance with BIPA. And he sought damages for the willful violation of BIPA or, in the alternative, statutory damages and attorney fees. See id. § 20.  . .  .At all relevant times, Visual Pak had three different insurance policies in place. All three were affiliates of CNA. Two of them (National Fire Insurance and Continental Insurance) are plaintiffs here. They provided general liability insurance to Visual Pak—National Fire, a commercial general liability policy, and Continental Insurance, an excess/umbrella policy of general liability coverage. Through the remainder of our discussion, for ease of reference and to distinguish them from the third, non-party insurer, we will follow the lead of the parties in their briefs and refer to National Fire and Continental Insurance collectively as the “CNA plaintiffs.”  Visual Pak’s third policy was provided by a third CNA affiliate, Continental Casualty Insurance Company (Continental Casualty). The Continental Casualty policy was not a general liability policy but an employment practices liability policy.

The Court of Appeal noted the 7th Circuit’s decision.

A few months ago, the United States Court of Appeals for the Seventh Circuit weighed in, holding that nearly identical exclusion language as in our case did not preclude defense of an underlying BIPA lawsuit; the insurer owed a duty to defend. See Citizens Insurance Co. of America v. Wynndalco Enterprises, LLC, 70 F.4th 987, 997 (7th Cir. 2023). That decision, of course, abrogated the federal district court decisions that found the violation-of-law exclusion applicable. See Continental Western Insurance Co. v. Cheese Merchants of America, LLC, 631 F. Supp. 3d 503 (N.D. Ill. 2022), abrogated by Wynndalco, 70 F.4th 987; State Auto Property & Casualty Insurance Co. v. Fruit Fusion, Inc., 631 F. Supp. 3d 638, 645 (S.D. Ill. 2022), abrogated by Wynndalco, 70 F.4th 987.  But we are obviously not bound by a federal court’s interpretation of Illinois law, be it a decision from a district court or a federal appellate court. See Travelers Insurance Co. v. Eljer Manufacturing, Inc., 197 Ill. 2d 278, 302 (2001). So we will consider all the case law, even if some of those decisions, in some sense, are no longer “good law” on the subject, because from our perspective as an Illinois appellate court, we are bound by none of these decisions and are open to persuasion by any of them.

The Court of Appeal found no coverage.

As BIPA is obviously not one of the statutes identified in subsections (1) through (3) of the exclusion, the CNA plaintiffs argue that a lawsuit alleging a violation of BIPA falls within the catchall exclusion of subsection (4) for any other statute, not previously identified in the exclusion, that governs “the *** dissemination, disposal, collecting, recording, sending, transmitting, communicating, or distribution of material or information.” We begin with two essential observations. First, the catchall exclusion here is broader than that in West Bend, which merely described a statute “ ‘that prohibits or limits the sending, transmitting, communicating or distribution of material or information.’ ” Id. ¶ 9. Some of the different verbs used in our exclusion are synonyms of the language in West Bend—“disseminating,” for example, does not add much—but “disposal, collecting, [and] recording” undoubtedly broaden the exclusion at issue here.  And second, if we merely isolated this catchall language, it is simply impossible to deny that it describes BIPA. BIPA regulates the collection, dissemination, and disposal of one’s biometric identifiers and information. See Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, ¶ 20 (BIPA “imposes on private entities *** various obligations regarding the collection, retention, disclosure, and destruction of biometric identifiers and biometric information.”); 740 ILCS 14/15(b), (d) (West 2014) (“[n]o private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information” absent disclosure and consent; “[n]o private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person’s or a customer’s biometric identifier or biometric information” absent disclosure and consent).  Indeed, even the Seventh Circuit, which for different reasons found this exclusion inapplicable to BIPA actions, conceded that “[t]here is no dispute that a literal, plain-text reading of the catch-all provision would include BIPA violations.” Wynndalco, 70 F.4th at 997. We are aware of no reported decision that has found otherwise.  Because our provision contains materially different language than the catchall provision in West Bend, and because the language of our catchall provision clearly encompasses a violation of BIPA, we are tempted to stop there and find that the exclusion bars coverage. The supreme court in West Bend did not stop there, however, and given the controversy over this provision, we will continue with our analysis, following the lead of our supreme court and invoking the ejusdem generis canon.64 Clearly, the FCRA and FACTA do not share the same theme of the TCPA and CAN-SPAM Act, which govern “methods of communication.” West Bend, 2021 IL 125978, ¶ 58. Other courts reviewing this identical language concur. See Wynndalco, 70 F.4th at 1002 (“Plainly, it is not possible here as it was in [West Bend] to limit the exclusion to statutes regulating methods of communication ***.”); Cheese Merchants, 631 F. Supp. 3d at 518; Citizens Insurance Co. of America v. Wynndalco Enterprises, LLC, 595 F. Supp. 3d 668, 675 (N.D. Ill. 2022), aff’d, 70 F.4th 987. . . .But that does not mean that the four statutes could not share some other common theme. When employing the ejusdem generis canon, “ ‘[t]he common quality suggested by a listing should be its most general quality—the least common denominator, so to speak—relevant to the context.’ ” Cheese Merchants, 631 F.Supp. 3d at 521 (quoting Antonin Scalia & Bryan A. Garner, Reading Law The Interpretation of Legal Texts 196 (2012)).
¶ 66 The CNA plaintiffs argue that there is, in fact, a theme common to these listed statutes, even if it is not the same theme as in West Bend. In their different ways, they say, these statutes and other laws share the common denominator of protecting personal privacy.  Recall that our supreme court, in finding that a BIPA violation fell within the policy’s coverage for publication of material that violates one’s personal privacy, noted that “the right to privacy includes two primary privacy interests: seclusion and secrecy” and deemed a BIPA violation as falling within the secrecy interest: “the right of an individual to keep his or her personal identifying information like fingerprints secret.” West Bend, 2021 IL 125978, ¶¶ 45-46.  The Seventh Circuit agreed that the four statutes listed in our exclusion “encompass two distinct types of privacy: seclusion and secrecy.” Wynndalco, 70 F.4th at 1003. The TCPA and CAN-SPAM Act address seclusion, “the right to be left alone” (id.), while the FCRA and FACTA concern secrecy, “the right to maintain the confidentiality of one’s personal information.” Id.; see Cheese Merchants, 631 F. Supp. 3d at 518 (FCRA and FACTA “address a different type of privacy” than TCPA and CAN-SPAM Act).  The Seventh Circuit, however, disagreed that the four statutes in the violation-of-law exclusion could be grouped together under a general theme of protecting privacy. There was “nothing in the language of the exclusion—be it in the title or in any of the provisions that follow—which points to privacy as the focus of the exclusion.” Wynndalco, 70 F.4th at 1003. The court did not find that theme to be “obvious to the type of layperson or business purchasing this policy.” Id. In the court’s view, it would require “a relatively sophisticated and nuanced examination of the four statutes” to glean a theme of protecting personal privacy. Id. at 1003-04. . . . ¶ 74 So once again—we could stop there. We could determine that the plain and ordinary interpretation of the catchall exclusion includes BIPA violations, as we did earlier, or we could find, as we have just done, that the doctrine of ejusdem generis limits the scope of the catchall to the violation of statutes or other laws that protect personal privacy—which would still include violations of BIPA. Either way, violations of BIPA are included within the catchall exclusion, and the CNA plaintiffs owe no duty to defend. . . . Simply summarized, the catchall provision is amenable to a reasonable limiting construction of statutes or other laws that protect personal privacy. BIPA is clearly one such statute. So an underlying lawsuit alleging a violation of BIPA would fall under the catchall phrase of the violation-of-laws exclusion. But even if we were wrong and the ejusdem generis canon is incapable of limiting the scope of the catchall phrase, the result would be the same. Absent some limiting gloss, the phrase receives its full breadth. The catchall, without a limiting gloss, plainly and obviously includes BIPA lawsuits. In either event, the exclusion applies, and the CNA plaintiffs owed no duty to defend.