In this episode of CHATTINN CYBER, Marc Schein interviews Peter A. Halprin, partner at Pasich LLP’s New York office, where he assists policyholders with insurance coverage issues. He is also an adjunct professor of law at Cardozo Law with expertise in areas of arbitration, commercial law, dispute resolution, and processes international arbitration. Today’s conversation is centred around privacy laws and explains the Biometric Information Privacy Act (BIPA) in detail.
The BIPA came around in 2008 and had since stood out from other privacy laws for its extensive litigation surrounding its purpose, scope of implementation, and relevant details. It intends to cover protection for biometric risks, including fingerprints, retinal scans, and several other face or body detections that have become commonplace today by regulating the collection, dissemination, storage, consent, and destruction of any associated data from the point of generation.
Any exclusion on the distribution of materials that violates a statute, particularly TCPA, would also apply to PIPA or other similar claims. Moreover, the BIPA also allows a private right to action, which means you can individually sue people for violations. Peter explains this by breaking down Six Flags’ fingerprint scan privacy issue, for which the entertainment corporation was slammed $36 million by the plaintiff as settlement despite having refused any fault or liability.
Bigger privacy violation claims can have a twofold benefit from insurance – helping with the defense of the claim and indemnity or the settlement of a potential class of action. A recent decision by the Eastern District of North Carolina has brought into light the importance of having your risk coverage neatly handled under a cyber policy.
In conclusion, Peter explains why it helps to have a broker to assess your policy – the more expressed the coverage, the better informed you are of the risks. Additionally, having the right policy can reduce the liability and defence costs on your side.
“The interesting thing, I think that we’re seeing, too, is a lot of litigation about whether or not insurance should respond. But I caution that most of those cases involve general liability, or business owners policies, and not cyber insurance.”
“An exclusion based on the distribution of materials in violation of a statute, particularly TCPA, would also apply to PIPA or other similar claims. ”
“I think that the main thing that people need to keep in mind is just when you’re doing policy reviews, and when you’re working with your broker to assess your policy, the more expressed the coverage can be for something like that. I think the better to know exactly what is and what isn’t covered when you’re buying your policy so that you can really understand the risks associated with what you’re doing, then to try to have to figure it out after the fact.”
“If you’re working with your insurer and your insurance providing coverage is that they may see a lot of these claims for a lot of their clients. And so panel counsel or counsel that is pre-approved may have a lot of experience by doing these things. And it may even help reduce liability and perhaps defense costs on that on that side, too. ”
[01:51] – Peter talks about his work and involvement with cyber insurance
[03:03] – Exploring the BIPA in detail
[07:27] – Does the BIPA have a private right to action?
[09:53] – The role of insurance in bigger privacy claims