- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
Earlier this month, Amazon was sued in Illinois state court by current and former employees who claim the company unlawfully requested and obtained their family medical histories during the job application process in violation of the Illinois Genetic Information Privacy Act, 410 ILCS 513, et seq., (“GIPA”). This filing comes on the heels of another GIPA lawsuit filed in Illinois in February 2023 against Ford Motor Company by job applicants who allege similar violations of the statute.
Companies and their insurers have already had their hands full confronting the implications of the Illinois Biometric Information Privacy Act (“BIPA”), another state privacy statute, which prohibits the collection, disclosure, and/or use of an individual’s biometric information, such as fingerprints or retinal scans, without their consent. In recent years, BIPA has spawned a wave of putative class action litigation that has resulted not only in eight and nine-figure settlements and judgments but also disputes between companies and their insurers over whether there is coverage for these claims in the first instance. But now, if the filings against Amazon and Ford are any indication, companies and insurers may face a new threat in GIPA.
GIPA was originally enacted in 1998 (and amended in 2008) to protect Illinois residents from having their genetic information used against them in an employment setting. Specifically, GIPA bars employers from directly or indirectly requesting or using the genetic information of its applicants or employees, including in the firing or demotion process, or in determining work assignments or classifying applicants or employees. The Act’s comprehensive definition of “genetic information” includes information about an individual’s family history, that is, “[t]he manifestation of a disease or disorder in family members of such an individual[.]”
In the Amazon suit, the plaintiffs allege they were required to take a preemployment physical during which they were asked to disclose their family medical history. They further contend that this information was used for purposes of evaluating risk associated with conditions inherited from family members, which Amazon then improperly used when making hiring and staffing decisions. The plaintiffs seek statutory and/or actual damages, although they claim that similar to BIPA, GIPA does not require a showing of actual harm to prevail. Statutory damages recoverable under BIPA are $1,000 for negligent violations and $5,000 for reckless or intentional violations. However, the statutory damages recoverable under GIPA are even more onerous – $2,500 per negligent violation and $15,000 for each intentional or reckless violation of the statute.
Given that class plaintiffs will assuredly argue perceived similarities between the statutes, the insurance coverage questions to emanate for GIPA claims may mirror those already seen under BIPA. Due to the nature of these claims, commercial general liability (CGL) and employment practices liability insurance (EPLI) policies will be targets for potential sources of coverage. Under CGL policies, insurers will likely contest whether the Insuring Agreement is potentially satisfied, including that the underlying action does not involve a “publication” of material that violates a person’s right of privacy. Additionally, several exclusions frequently featured in BIPA litigation are expected to be implicated for GIPA claims, including the: (1) Employment-Related Practices Exclusion (ERP); (2) Violation of Law Exclusion; and (3) Access or Disclosure Exclusion.
Given GIPA’s hefty damages provisions and broad definition of “genetic information,” it has the potential to trigger the next wave of headline-grabbing class action lawsuits in Illinois. Whether that comes to fruition remains to be seen. But if the landscape of BIPA litigation is any indicator of how courts will approach GIPA claims, insurance industry professionals should expect another round of coverage disputes over an Illinois privacy statute that punishes businesses even in the absence of actual harm to the putative class members.