In a split decision, a federal court dismissed a class action against insurance companies that failed to protect driver’s license numbers, ruling that people whose information has been improperly disclosed had no standing to sue.

The basic idea of Article III standing is that courts are reactive (and not proactive) institutions; therefore, to sue someone, one needs to allege a concrete traceable injury that a court can remedy. Otherwise, courts cannot get involved prematurely and prevent injuries based on abstract or possible dangers, or issue advisory opinions. 

In the case at issue, an auto-insurer’s website was structured to provide a quote for auto insurance to anyone who supplied basic identifying information. The site would autofill any information, such as the applicant’s driver's license; yet it would also allow anyone to enter a stranger’s home address, name, or driver’s license. After observing some unusual activity, the auto-insurer discontinued the auto-fill feature and provided the three people (the “Individuals”) whose information was improperly disclosed with a notice. These individuals sued the auto-insurer under the federal Driver’s Privacy Protection Act (the “Act”) and state negligence laws. 

The court held that the Individuals whose driver’s license information was compromised failed to point to a concrete injury traceable to the compromise (or, in other words, they did not have standing). The Individuals alleged that the compromise caused worry and anxiety, which led to credit monitoring. The court rejected their argument and even ridiculed it: “‘[t]he disclosure of my license number made me sad, and to cheer myself up I ate a chocolate bar.’ The price of candy would be money out of pocket, but eating chocolate is not a normal consequence of disclosures except through the bridge of worry.” According to the court, the disclosed information was not associated with credit-related fraud. Therefore, the Individuals could not have “manufacture[d] standing” by inflicting harm upon themselves based on their fears of hypothetical future disasters. The Individuals then showed that phony unemployment-related claims were filed on their behalf. The court still said that a stronger link between driver’s licenses and unemployment compensation applications, or bogus insurance claims was needed for the Individuals to have standing. According to the court, the individuals failed to demonstrate that the disclosed driver’s license information was sufficient to open these unemployment claims.

Notably, one judge dissented and argued that the majority overstepped the contours of standing by imposing a stricter standard of concreteness than the Supreme Court instructed. According to the dissenting judge, the majority also shook the balance of the separation of powers by dismissing the driver’s license information as “not sensitive or private enough” despite the Congressional decision to protect it with the Act.

In the underlying litigation, former tenants (the “Tenants”) alleged that the management company's (the “Company”) security deposit and late fee practices were unlawful, resulting in damages. The Tenants also argued that they were defamed by the Company’s report of the alleged debts to third parties. 

The Company sought coverage from its Insurer under its Professional Liability policy. The Insurer denied coverage, citing the Illegal Profits and Conversion Exclusions leading to the current coverage litigation. 

The applicable policy provided that “[the Insurer] shall pay on behalf of [the Company] all sums in excess of the Deductible . . . which [the Company] becomes legally obligated to pay as Damages and Claim Expenses incurred . . . by reason of a: 1. Wrongful act or 2. Personal injury; in the performance of Professional Services.” The policy defined “Personal Injury” to include “libel, slander or defamation.” The dispute at issue was whether the Tenant’s allegations of defamation triggered the Insurer’s duty to defend. 

The Insurer argued that the allegations that the Company’s improper retention of the Tenants’ security deposits, late fees, and the use of unfair debt collection practices fell within the Illegal Profits and Conversion Exclusion. Furthermore, the Insurer argued that the mere reference to defamation does not override the exclusions because the “alleged defamation is based upon and/or arises out of the wrongful retention and conversion of security deposits.” The Company, on the other hand, argued that the allegations of defamation fit squarely within the insuring agreement of the policy, which expressly covers damages and defense costs incurred by a wrongful act and personal injury.

The court found that the allegations that the Company defamed the Tenants by reporting unlawful debts triggered the policy’s “Personal Injury” coverage. The court further held that the “Illegal Profits” and “Conversion” Exclusions did not bar coverage because those exclusions apply to claims related to funds already in the Company’s possession, while the defamation allegations in this case related to funds that the Company claimed the Tenants owed but had not yet paid. Thus, the court held a duty to defend was owed because the allegations of defamation fell within the scope of the Policy’s “Personal Injury” coverage. 

In litigation we have been following in our newsletter, a Massachusetts district court had ruled in favor of an excess insurance carrier on the issue of whether the insured University provided timely notice of litigation. As a result, the excess carrier would not be obligated to provide $15 million in excess coverage towards the University’s defense.  

The court found that the policy at issue was unambiguous in requiring notice of any claims within 90 days of the expiration of the excess policy.  The University did not provide formal notice to the excess carrier until well over a year after the expiration of the extended reporting period.  In asking the court to find the notice provision to be a “mere technicality,” the University’s argument focused on the lack of prejudice to the carrier, as well as the carrier’s actual or constructive knowledge of the litigation. The University also attempted to argue that by placing the primary carrier on notice, they fulfilled their obligations to the excess carriers in the tower.

The court sternly disagreed with the University’s argument, finding that unambiguous terms of the insurance policy must be strictly enforced, and that prejudice or constructive notice were not relevant to the University’s obligations to provide timely notice under the policy.  The court went on to state that "even in cases where insureds directly provided information about a claim to an insurer's underwriters—not the case here—courts have still held that this was insufficient to be considered notice of a claim as required by the strict provisions of a claims-made policy.”

The University then appealed to the First Circuit Appellate Court, arguing again that the excess carrier had constructive or actual notice of the claim because of media coverage.  The University also argued for the first time that the requirement to report an “event” under the policy is ambiguous and would allow for the media to report a claim to the excess carrier.  The Appellate Court sharply disagreed and found that the lower court properly ruled in favor of the excess carrier.  

ERISA preemption decisions are not very common these days, however, a federal court recently took up the preemption question and ruled in favor of pharmacy benefit managers (“PBMs”) in a lawsuit challenging the state legislature that aimed to regulate them. 

The legislature at issue, Patient’s Right to Pharmacy Choice Act (the “Act”) sought to regulate PBMs who serve as intermediaries between pharmacies and health insurance plans.

The Act aimed to protect access to various pharmacies, as well as enable small town-pharmacies to compete with big retail-chain pharmacies. The Act was passed after the Supreme Court seemingly broadened the states’ authority to regulate PBMs. Yet, PBMs alleged that the Act was unconstitutional because the Employment Retirement Income Security Act (“ERISA”) and Medicare Part D (“Part D”) preempted it. 

In their complaint, PBMs challenged four provisions of the Act that limited the use of mail-order pharmacies, required the PBMs to permit any “willing pharmacy” to participate in the PBMs preferred network, prohibited cost-sharing discounts, and restricted the PBMs ability to deny or limit certain pharmacy contracts. According to PBM, such a restrictive structure forced them to structure their benefit plans in a particular manner in violation of ERISA. The state, in turn, argued that the Act was not pre-empted by ERISA because it was regulating PBMs and not health plans. 

Previously, the Supreme Court has pointed to two categories of state laws that impermissibly interfered with ERISA: acts that force a specific benefit plan structure and those that indirectly force an ERISA plan to adopt a certain coverage scheme. Here, the court explained that ERISA explicitly prohibits state laws from mandating benefit structures. The court, in rejecting the state’s argument, reasoned that a plan’s choice of self-administering its benefits and using a PBM “[was] in reality no choice at all.” Since most plans utilized PBM, regulating them was an equivalent of regulating a plan. Moreover, because the restrictions applied to benefit design, the court held that it impermissibly governed a central matter of plan administration.

This court noted that although the Supreme Court earlier broadened State’s ability to regulate PBM’s, “it [did] not shield the Act from preemption.” 

A commercial broadcast television company (the “Company”) entered a merger with a media conglomerate company (the “Insured”).  Shareholders of the Insured challenged the transaction and argued the Director’s and Officer’s breached their fiduciary duties in negotiating and recommending the transaction.

Shareholders sought damages which allegedly resulted from an unfair price.  After a few interim rulings in favor of the shareholders, the parties settled.  The Insured submitted the settlement to its Directors and Officers Liability Insurance carriers (the “Insurers”). The Insurers denied coverage, pointing to the Policy’s Bump-Up exclusionary language.

The relevant Bump-Up exclusionary language was embedded in the definition of Loss (as opposed to being in a separate Policy exclusion).  Per the Policy, Loss did not include:

[a]ny amount representing the amount by which the price or consideration paid or proposed to be paid for the acquisition or completion of the acquisition of all or substantially all of the ownership interest in, or assets of, an entity including [the Insured and any Subsidiary], was inadequate or effectively increased. However, this paragraph shall not apply to defense costs.

The issue before the court was whether the merger transaction between the Company and the Insured constituted an “acquisition” within the meaning of the Policy’s Bump-Up provision.  If so, then the settlement payment should be excluded from the covered Loss.  In its review of the facts and policy language, the court noted that the term “acquisition” was not a defined term in the Policy.

The court therefore looked to other sections of the Policy for additional context and considered the definition of a Merger Objection Claim which is:

[a] Claim based upon, arising from, or in consequence of any proposed or actual acquisition of [the Insured], or of all or substantially all of [the Insured’s], assets by another entity, or the merger or consolidation of the [Insured] into or with another entity such that the [Insured] is not surviving the entity . . . . (emphasis added).

The judge noted that the above language of Merger Objection Claim definition, unlike the Bump-Up Provision, referred specifically to a merger transaction. Importantly, the policy also contained a Material Changes in Condition provision which included a reference to mergers and utilized language that was not mentioned in the Bump-Up Provision cited earlier. The Material Changes in Condition provision provided that:

[a] Claim based upon, arising from, or in consequence of any proposed or actual acquisition of [the Insured], or of all or substantially all [the Insured’s] assets by another entity, or the merger or consolidation of the [Insured] into or with another entity such that the [Insured] is not the surviving entity, or the obtaining by any person, entity or affiliated group of persons or entities of the right to elect, appoint or designate more than 50% of the directors, management committee members, or members of the management board of the [Insured] or similar transaction. (emphasis added).

Based on the structure and the linguistic variations above, the court held that an ambiguity existed because the relevant policy terms could be subject to two or more interpretations. The court decided that the non-drafting party, the Insured, should receive the benefit of any doubt when an ambiguity exists with respect to exclusionary language contained within the Definition of Loss.  The court therefore granted the motion in favor of the Insured, holding that the merger did not constitute an “acquisition” within the meaning of the Bump-Up Provision and therefore, the Insured could continue litigating whether the subject Loss was otherwise covered under the Policy.

An Illinois federal judge partially dismissed a class action complaint brought a vendor (the “Vendor”) against a large technology company (the “Company”), accusing the Company of unlawfully handling facial geometry scans. 

The suit alleged that the Company violated Sections 15(a) through (d) of Illinois' Biometric Information Privacy Act (BIPA) through the collection, retention, and disclosure of face scans gathered through "video-based coaching" software used to evaluate sales pitches by salespersons.  Notably, the Company only provided certain technology products to a third-party customer and was not actively involved in obtaining the face scans.

The Company moved to dismiss the class action because the vendor failed to adequately plead a claim under BIPA. The court dismissed the allegations that the Company violated 15(b) of BIPA which regulates entities that "collect, capture, purchase, receive through trade, or otherwise obtain" biometric data, as the defendant did not “actively obtain” any biometric data, but rather provided products to a third-party that used it to obtain biometric information.  In so ruling, the Court distinguished between “actively obtaining” information, which is regulated by 15(b) of BIPA, and “possession” of biometric data, which this section of the Act does not address. 

Employee’s claims under Sec. 15(c) of the Act were dismissed, because they failed to show any injury to support a claim under this section.  Notably, the court held that an Employee must "allege more than that the [Company] profited from their data" and instead "must allege how that conduct harmed them individually."

Employee’s claims under Section 15(a) of BIPA, however, did survive the motion to dismiss.  Section 15(a) requires companies that are "in possession of" biometric data to develop written data retention policies and make them publicly available.  The court reasoned it is plausible that a claim can be proven under this theory. 

Lastly, the court dismissed Employee’s claims under Sec. 15(d) of the Act, which regulates disclosure of biometric data, finding that the Employee’s had not adequately asserted any facts that the Company disclosed any biometric data.