The Authors

Cort T. Malone
Cort T. MaloneAnderson Kill P.C.
* Cort T. Malone (cmalone@andersonkill.com) is a shareholder
in the New York and Stamford offices of Anderson Kill and practices
in the Insurance Recovery and the Corporate and Commercial Litigation Departments. He represents policyholders in insurance coverage litigation and dispute resolution, with an emphasis on commercia general liability insurance, directors and officers insurance, employment practices liability insurance, advertising injury insurance, and property insurance issues.
Jade Sobh
Jade SobhAnderson Kill P.C.
Jade W. Sobh (jsobh@andersonkill.com) is an attorney in Anderson Kill’s New York office. Jade focuses his practice on insurance recovery, exclusively on behalf of policyholders, as well as regulatory and complex commercial litigation matters.
The Journal on Emerging Issues in Litigation
Emerging Litigation Podcast
Emerging Litigation PodcastProduced by HB Litigation and Law Street Media
Interviews with leading attorneys and other subject matter experts on new twists in the law and how the law is responding to new twists in the world.

Biometric Privacy Laws:  

Companies Will Need Insurance as Protection From New and Expanding Liability

“Businesses may look to various types of insurance policies for protection from the sudden and ever-increasing liability under present and soon to pass biometric data privacy laws, including commercial general liability insurance, employment practices liability insurance, cyber insurance, and directors & officers (D&O) insurance.”

Abstract: As more states follow Illinois in enacting biometric privacy laws, the risk that companies will be hit with lawsuits and extensive damages awards increases. Employers are among the most active collectors of this type of data, collecting fingerprints and deploying facial recognition for timekeeping and security purposes. Several multi-million-dollar settlements have been reported for violations of biometric privacy laws. Meta, formerly Facebook, paid $650 million to resolve claims that it improperly stored face scans of its users. When companies turn to their insurance carriers, policyholders have a good track record of receiving coverage. Now that these claims are becoming more prevalent, will the insurance industry work to limit its exposure in this space? What should policyholders do in the event the industry is successful? In this article, the authors provide background on these emerging privacy laws, how they have played out in court, and what
types of policies companies should consider to be sure they have the necessary protection.

At least seven states have passed biometric privacy laws specifically intended to protect individuals from the collection, use, and sale of their personal biometric identifiable information. Several of these laws allow for extensive damages awards regardless of whether individuals suffered any actual harm as a result of the nonconsensual collection of biometric data. The companies facing class action lawsuits as a result should look to insurance to cover such claims, as the initial litigation with insurance companies has provided favorable results to policyholders. But insurance companies surely will seek to limit future exposure related to biometric privacy law violations, and companies either using biometrics or potentially doing so in the future would be wise to seek and maintain the broadest possible coverage.

Biometric Identifiable Information (BII) is generally defined as any physiological or biological characteristic that is used by or on behalf of a commercial establishment to identify an individual. BII may take the form of a retina scan, a fingerprint, a voiceprint, a scan of hand or face geometry, or any other identifying characteristic.

Tags