Author: Sarah Bishop, PRISM Underwriting Manager

Despite historically hard general liability market conditions, PRISM successfully renewed the GL1 Program on July 1, 2023 with more than a 98% member retention. While rates unfortunately increased, we were able to maintain the $25 million per occurrence program limits. Coverage remained as expiring but for one new exclusion.

The reinsurance industry continues to try and limit their exposure to loss by developing exclusions to new and potentially high dollar exposures that they can’t adequately underwrite. In recent years, this has included exclusions for Organic Pathogen, Cyber Liability, and PFAS. Where PRISM has faced these exclusions from our carrier partners, we have also adopted them within the GL1 MOC to avoid extending coverage where we do not have reinsurance support. Consistent with that approach, the Board took action at its meeting in June 2023 to insert a biometric exclusion specific to the $6M x $19M layer of the Program effective July 1, 2023 (click here to read).

The biometric concern raised by our reinsurer evolved out of the Biometric Information Privacy Act (BIPA), which was enacted in Illinois in 2008. The purpose of the law is to protect individuals’ privacy rights of their biometric information, including retina or iris scans, fingerprint, voiceprint, hand scans, facial geometry, DNA and other unique, identifying biological information. There have been a number of class-action suits following the passage of the law, most being from current or former employees whose employers used their data for timekeeping or to allow building and/or file access without the disclosure and permissions required by the law. The first BIPA trial did not occur until October 2022, but its result, a $228 million award for the plaintiff, assures that it won’t be the last. There have also been numerous high value settlements ranging in the tens and hundreds of millions of dollars.

At the time of this writing, 7 other states have passed similar BIPA legislation, a list that does not yet include California, where attempted BIPA legislation in 2022 did not result in new law. There are a lot of unknowns surrounding the BIPA law, including the applicability of insurance and current exclusionary language, and already conflicting case law. Due to the extremely high dollars at stake, some carriers are developing specific biometric exclusions to clarify their intent to not provide coverage. One such carrier is Allied World Assurance Company (AWAC). AWAC has been a long-time carrier partner of PRISM, participating as the lead reinsurer for the $6M x $19M layer of the GL1 Program, and providing 100% of the reinsurance for the $10M x $25M layer within the Optional Excess Liability Program. During the renewal process, AWAC advised that they would be adding a biometric exclusion to all renewal business.

While most, if not all, the suits to date have involved private companies, it is not clear that public entities would be exempt from these types of BIPA laws. The language for the exclusion is very broad, and PRISM staff voiced concern over the potential implications for law enforcement actions surrounding the use of biometric information (for example the use of fingerprint information in identifying a suspect). Alliant was successful in negotiating the below language into the AWAC exclusion to clarify that the exclusion would not apply to exposure arising out of law enforcement activities:

“D. The exclusion in Paragraph A. above does not apply to Coverages A. and B. of the General Liability 1 Program Memorandum of Coverage for any wrongful acts (as such term is defined in the Memorandum of Coverage) resulting from law enforcement activities.”

The MOC exclusion applies only to the $6M x $19M layer of the GL1 Program because AWAC was the only carrier to require its addition to their reinsurance contract this year (it is also excluded in the OEL Program). If this plays out like some other newly perceived high value exposures, it is likely that other carriers will follow suit in the coming years. If that occurs, then in the future we may need to expand the MOC exclusion to other layers of the Program. Also of note, the Underwriting and Claims Review Committees have a joint meeting in August, and at that time will discuss the potential impacts of emerging technologies including autonomous vehicles, artificial intelligence, Chat GPT, biometrics, and whether future coverage restrictions or clarifications may be necessary.

This communication is simply to provide information on the new biometric exclusion and a brief summary of its origins, and there is currently no action to be taken.