In Thornley v. Axis Insurance Co., 2025 IL App (1st) 241480-U, the First District Illinois Appellate Court affirmed a trial court’s ruling that an insurer had no duty to defend or indemnify its insured where the purported “wrongful acts” and “enterprise security events” occurred prior to the policy’s retroactive date.
In the underlying case, Wynndalco allegedly sold individuals’ biometric data, which had been collected by Clearview AI, Inc, in violation of BIPA. Clearview AI created a massive biometric database of individuals by ‘scraping’ their photos from publicly available websites and collecting their biometric facial geometry. Using Clearview AI’s database, customers seeking to identify an individual could upload an image of the person to Clearview’s platform, where that image would be compared to images within the database, to identify the individual. In December 2019, Wynndalco bought and resold Clearview AI’s facial recognition software to CDW-Government who then resold it to the Chicago Police Department, which allegedly ran afoul of BIPA.
In May 2020, plaintiffs filed a class action complaint against Wynndalco in the circuit court of Cook County, alleging violations of section 15(c) of the BIPA, unjust enrichment, and invasion of privacy.
Wynndalco was insured under a claims-made liability policy issued by Axis, who refused to defend or indemnify Wynndalco pursuant to the “Unlawful Use of Information” and “Violation of Statute” exclusions found in the policy. Wynndalco thereafter undertook its own defense and entered into a settlement agreement with plaintiffs, which assigned Wynndalco’s rights under the policy to plaintiffs and other class members.
In December 2021, plaintiffs, as assignees of Wynndalco, filed a class action complaint for declaratory judgment against Axis, alleging Axis breached its duty to defend and indemnify Wynndalco in the underlying class action. Plaintiffs alleged the claims fell, or potentially fell, within the policy’s coverage for “wrongful acts” or “enterprise security events.”
Axis argued coverage was not available pursuant to the “Unlawful Use of Information” and “Violation of Statute” exclusions. The policy also contained a retroactive date of February 20, 2020, which limited Axis's exposure for wrongful acts arising prior to the retroactive date. Axis argued the alleged "wrongful acts" or "enterprise security events", which purportedly triggered coverage, occurred in December 2019, prior to the retroactive date of the policy.
Plaintiffs argued that the "wrongful acts" or "enterprise security events" did not occur until May 2020, when Wynndalco was served with the underlying class action complaint. Attempting to avoid the bar of the retroactive date, plaintiffs applied the “deem to occur” language found in the policy’s claims-reporting section, to the policy’s claims-coverage section. The claims-reporting section provided that "[a] Wrongful Act will be deemed to occur when such Wrongful Act becomes known to a Control Group Insured[]" whereas the claims-coverage section provided that coverage existed only if "such Wrongful Act first occurred on or after the Retroactive Date and prior to the end of the Policy Period."
The trial court ultimately determined, without needing to address the exclusions, that the claims were barred by the retroactive date within the policy.
On appeal, the appellate court affirmed the trial court’s ruling, finding that plaintiffs’ attempt to insert the “deem to occur” language, found within the policy's claims-reporting section, into the language of the policy's claims-coverage section was essentially asking the court to rewrite the policy. The appellate court refused to do so.
The appellate court further rejected plaintiffs’ argument that the language of the policy was ambiguous "as to whether or not coverage runs from the date the underlying conduct 'occurred' or the date the actionable nature of the conduct 'became known' to the insured." The appellate court stated that the plain language of the policy’s claim-coverage section provided that coverage existed only if the “Wrongful Act” and/or “enterprise security event” claim “first occurred on or after the Retroactive Date and prior to the end of the Policy Period.”
As such, the appellate court affirmed the trial court's holding that Axis did not breach its duty to defend or indemnify Wynndalco in the underlying class action where the alleged “wrongful acts” and “enterprise security events” occurred prior to the retroactive date within the policy.