"Employment-Related Litigation Risks Facing Hospitality Cos.," Law360
This article was originally published in Law360 on April 10, 2023.
Businesses in the hospitality industry face significant litigation risks arising out of employment-related claims. This article highlights three areas of employment-related litigation risks facing hospitality companies: wage and hour claims, the Illinois Biometric Information Privacy Act and other privacy actions based on collection of employees' biometric information, and human trafficking claims. A common tool available to manage risk in each of these areas is insurance. The authors identify and discuss potential insurance coverage disputes common to these risk areas through examination of recent case law.
Wage and Hour Claims
Wage and hour claims pose a high risk to hospitality companies, with companies facing investigation and litigation as a result of alleged violations of state and federal wage and hour laws, including failure to pay overtime, failure to provide meal and rest breaks as required, and misclassification of employees as independent contractors, to name a few.
Hotels and motels, as well as food services, are two low-wage, high-violation industries designated by the U.S. Department of Labor's Wage and Hour Division.
In the 2022 fiscal year, the WHD brought over 4,000 enforcement actions against employers in those industries, recovering over $30 million in back wages for over 25,000 employees.[1]
In 2023, wage and hour lawsuits have been filed against hotels around the country — with several dozen cases filed in federal courts alone alleging various violations of state and federal wage and hour laws.
For example, on Feb. 14, non-exempt employees filed a class action complaint against AIL Hospitality Group in the U.S. District Court for the Western District of Pennsylvania, otherwise known as Bordner v. AIL Hospitality LLC, alleging violations of the Fair Labor Standards Act and Pennsylvania state wage and hour laws.[2]
When faced with employment-related litigation, the first place to seek insurance coverage would usually be employment practices liability insurance.
EPLI policies generally cover "those sums the insured becomes legally obligated to pay as damages resulting from a 'wrongful employment act,'" as defined in the relevant policy and provide the opportunity for coverage of the cost of the defense and potential liability in the underlying employment-related litigation.[3]
In other words, EPLI policies could potentially cover both the defense fees and costs and a later settlement or adverse judgment in connection with a covered claim.
Importantly, however, EPLI policies sometimes contain an exclusion related to wage and hour laws.
Although the exclusion might have different names and wordings under specific policies, it generally purports to exclude any claim arising from a "violation of [the employer's] responsibilities or duties required by any ... federal, state or local statutes, rules or regulations, and any rules or regulations promulgated therefor or amendments thereto."[4]
Courts have broadly interpreted the exclusion to bar coverage as to allegations involving violations of the FLSA or similar state and local wage and hour laws and regulations.[5]
Similar limitations are also sometimes found in an EPLI policy's definition of loss — for example, the policy could define loss as excluding "[a]mounts owed under federal, state or local wage and hour laws."[6]
According to the U.S. Court of Appeals for the Seventh Circuit in its 2007 decision in Farmers Automobile Insurance Association v. St. Paul Mercury Insurance Co., the purpose of the wage and hour laws exclusion is to avoid a moral hazard, which, "in its most extreme form, is the temptation of an insured to precipitate the event insured against if the insurance goes beyond merely replacing a loss."[7]
In the context of wage and hour claims, the court said:
In the face of such exclusions, policyholders have tried, with various levels of success, to preserve coverage for wage and hour claims by distinguishing the legal basis of the underlying lawsuit from wage and hour laws.
In Southern California Pizza Co. LLC v. Certain Underwriters at Lloyd's, London, for example, the Court of Appeal of the State of California in 2019 agreed with the insured's argument that certain sections of the California Labor Code requiring the insured — the owner of hundreds of restaurants — to reimburse delivery drivers for mileage expenses and cell phone expenses, were not wage and hour laws covered under an exclusion in the EPLI policy at issue.
Therefore, the exclusion did not apply to the underlying litigation based on those sections.[9]
Specifically, the Fourth Appellate District reasoned that "[n]either [section] mentions wages or hours, nor do they appear in the parts of the Labor Code titled 'compensation' or 'working hours,'" and that "[d]isbursements for losses and work-related expenditures are not payments made in exchange for labor or services."[10]
To manage the risk associated with wage and hour claims and avoid potential insurance coverage limitations, hospitality companies can purchase a stand-alone or dedicated wage and hour policy or negotiate to obtain a wage and hour enhancement endorsement to an existing EPLI policy.
This may be especially important for large companies with a high number of non-exempt employees and a higher risk of being the target of employment-related putative class actions.
Notably, however, the stand-alone wage and hour liability policies covering both defense and indemnity often come with high premiums, and less expensive add-ons or endorsements to existing EPLI policies are more limited in scope, usually covering only the cost of the defense.[11]
BIPA and Privacy Claims
Hospitality companies also face increasing risk as a result of privacy lawsuits brought by their employees — especially those based on emerging state biometric privacy laws, such as the Illinois Biometric Information Privacy Act — that are increasingly active.
In February, the Supreme Court of the State of Illinois issued two major decisions in BIPA cases: Tims v. Black Horse Carriers Inc. and Cothron v. White Castle System Inc.
Both cases involve class actions brought by employees against their employers based on the practice of scanning employees' fingerprints — which is considered a type of biometric identifier or information under BIPA — for timekeeping authentication purposes.[12]
The plaintiffs in those cases alleged the practice violated BIPA's prohibition against collection of individual biometrics without prior notice and consent, among others.[13]
These recent cases are among many lawsuits filed in recent years against employers — including those in the hospitality industry — that commonly use fingerprint scanning for authentication and/or timekeeping purposes.[14]
BIPA lawsuits will continue to grow, as the statute of limitations for BIPA claims is five years, as opposed to one year, and a separate claim accrues under the statute each time a private entity scans or transmits an individual's biometric identifier or information — allowing a longer period of time for plaintiffs to file lawsuits, as well as exposing employers to multiple violations and resulting damages for one, albeit continuing, practice.[15]
Insurance policies that could potentially provide coverage in response to BIPA and similar privacy-based lawsuits include EPLI policies, directors and officers liability policies, commercial general liability policies, and even cyber liability policies.
However, insurers have aggressively challenged coverage for BIPA lawsuits in recent years, and in the last six months alone, at least three federal district courts in Illinois have decided insurance coverage disputes over underlying BIPA litigation.
Interestingly, the decisions are somewhat inconsistent in interpreting similar policies and exclusions therein.
Thermoflex
In Thermoflex Waukegan LLC v. Mitsui Sumitomo Insurance USA Inc., an employer was sued in an underlying putative class action for alleged violation of BIPA by requiring hourly workers to scan their handprints for timekeeping purposes, transmitting the data to a third party without authorization, and failing to provide a company policy identifying its retention schedule or procedures for obtaining employees' consent and release.[16]
The employer sued its insurer for failing to defend the underlying BIPA litigation under a series of CGL policies as well as excess and umbrella insurance policies.[17]
The U.S. District Court for the Northern District of Illinois first held in its January decision that the access or disclosure of confidential or personal information exclusion in the CGL policies barred coverage, and then held that there was no coverage under the excess policies either as those policies required coverage in the underlying CGL policies in the first instance.[18]
As for the umbrella policies — which provided coverage for damages the employer became legally obligated to pay for personal and advertising injury in excess of its self-insured retention or other insurance coverage — the court held that the statutory violation exclusion, the data breach exclusion, and employment-related practices exclusion did not apply because they were all ambiguous, and under the common insurance law doctrine of interpreting ambiguous policy provisions in favor of coverage, they should be interpreted as inapplicable to the BIPA lawsuit.[19]
Fruit Fusion
Fruit Fusion Inc. is an Illinois corporation that operates ice cream and frozen yogurt shops and was named — in State Auto Property & Casualty Insurance Co. v. Fruit Fusion Inc. — as a defendant in an underlying putative class action filed by its employees for alleged violations of BIPA based on its requirement that employees scan their fingerprints to clock in and out.[20]
Fruit Fusion's insurer filed a complaint seeking a declaratory judgment that it owed no duty to defend under the CGL insurance policies it had issued to Fruit Fusion.[21]
The U.S. District Court for the Southern District of Illinois held on Sept. 30, 2022, that the personal and advertising injury provision in the CGL policies, which covers injury arising out of "[o]ral or written publication, in any manner of material that violates a person's right of privacy," was applicable based on the allegations in the underlying complaint, but the data compromise plus endorsement in the policies was not.[22]
As in Thermoflex, the court also held in Fruit Fusion that the employment-related practices exclusion did not apply to bar coverage; however, contrary to Thermoflex, the court in Fruit Fusion held that the recording and distribution of material or information in violation of law exclusion — an exclusion with wording similar to the statutory violation exclusion in Thermoflex — applied to exclude coverage for the underlying BIPA lawsuit.[23]
Cheese Merchants
Employees of Cheese Merchants of America LLC, a cheese processing and packing company in Cook County, Illinois, filed a putative class action against their employer in Continental Wester Insurance Co. v. Cheese Merchants of America LLC, alleging violation of BIPA based on Cheese Merchants' use of a biometric time-tracking system that scans the backs of employees' hands for authentication.[24]
Cheese Merchants' insurer sought a declaratory judgment that it had no duty to defend the underlying BIPA lawsuit under the CGL and umbrella coverage in its insurance policies, arguing that coverage was barred by three exclusions.[25]
In line with the Fruit Fusion decision, the Northern District of Illinois held in March in the Cheese Merchants case that the employment-related practices exclusion did not preclude coverage for the underlying lawsuit, but the recording and distribution of material or information in violation of law exclusion did apply to exclude coverage.[26]
In addition, the court also held that an exclusion that concerns access to or disclosure of confidential or personal information was also applicable to bar coverage.[27]
Hospitality companies facing, or at risk of facing, BIPA and other privacy-based lawsuits should examine their existing insurance policies carefully, especially the exclusions noted above — which are often cited by insurers in support of coverage denials.
In addition, recent BIPA decisions — such as Cothron — may very well have implications for the number of occurrences or claims recognized by a particular insurance policy, and correspondingly, the retention(s) paid by the policyholder.
Human Trafficking Claims
In addition to the litigation risks associated with wage and hour claims and BIPA and other privacy claims, hospitality companies continue to experience lawsuits alleging violation of human trafficking and related laws at the policyholder's property.
In such lawsuits, plaintiffs allege that hotel employees failed to interfere or prevent the harm and that the hotel financially benefited from the harm.
Insurance policies that may cover human trafficking claims include CGL policies and errors and omissions liability polices.
CGL policies typically provide coverage for damages the insured becomes legally obligated to pay arising from bodily injury or property damage that occurred on the insured property. Errors and omissions policies usually apply to damages the insured becomes legally obligated to pay arising out of an alleged wrongful act — often defined as a negligent act, error or omission — by the policyholder within the scope of professional services provided by that policyholder.
In attempting to avoid coverage for human trafficking claims, insurers often seek an early declaratory judgment that there is no duty to defend or indemnify such claims.
For example, on Feb. 7, in Mesa Underwriters Specialty Insurance Co. v. Moda Invest Ltd. d/b/a W. Inn Motel — in the U.S. District Court for the Southern District of Texas — an insurer filed a complaint for a judicial declaration that it did not have a duty to defend or indemnify an underlying lawsuit against a motel owned by the insured where human trafficking allegedly occurred, citing the abuse or molestation exclusion, the human trafficking exclusion, as well as the abuse or battery exclusion to bar coverage, among other grounds.[28]
A recent U.S. Court of Appeals for the Third Circuit decision indicates that, even without an explicit human trafficking exclusion, coverage for underlying lawsuits asserting human trafficking or related claims could be barred by a more common assault or battery exclusion.
In 2018's Nautilus Insurance Co. v. Motel Management Services Inc., — in the U.S. District Court for the Eastern District of Pennsylvania — the insured motel appealed the trial court's decision that the hotel's CGL policy's assault or battery exclusion barred coverage over an underlying lawsuit where three women alleged that the motel permitted them to be trafficked for commercial sex on its premises.[29]
In affirming the district court's decision, the Third Circuit held that, under applicable Pennsylvania law, the assault or battery exclusion unambiguously applied to the underlying lawsuit because:
[s]elling the women for sex under these circumstances qualified as assault because it placed them in imminent apprehension of a harmful or offensive bodily contact [and that] [s]imilarly, the allegations in each of the complaints suffice for battery: by using force and drugs to compel the women's participation in the sex trade, the traffickers subjected the women to harmful or offensive bodily contact without their consent.[30]
The Third Circuit also rejected the motel's argument that human trafficking may occur without violence, and thus allegations of sex trafficking alone cannot establish an assault or battery — reasoning that the four-corners rule of insurance contract interpretation "does not involve an abstract elemental comparison akin to the categorical approach; instead, it assesses whether the particular factual allegations in a specific case fall within the precise terms of an insurance policy."[31]
The Third Circuit further rejected the motel's argument that the victims consented to their role in the sex trade, reasoning that:
the underlying allegations of modern-day slavery — facilitated by forced drug use, violent criminal aggression, physical injuries, and a climate of fear and anxiety — eliminate any possibility that the women voluntarily and intelligently agreed to the conditions of their own trafficking.[32]
Insured motels and hotels may fare better under other applicable insurance policy provisions.
For example, in 2019's Ricchio v. Bijal Inc., Peerless Indemnity Insurance Co. intervened in the underlying human trafficking lawsuit against a motel owner and two of its employees and sought a declaration that it had no duty to defend or indemnify the underlying lawsuit under its CGL policy and an umbrella policy.[33]
The U.S. District Court for the District of Massachusetts first held that to the extent the victim's injuries arose out of false imprisonment it would trigger an exclusion in one section of the policy that barred coverage over bodily injuries arising out of personal injury, which was in turn defined to include injury arising out of "[f]alse arrest, detention or imprisonment."[34]
However, the court held that another section of the insurance policy that provided coverage for "'personal … injury' caused by an offense arising out of [the insured's] business" was applicable here because the underlying complaint alleged the motel and its employees regularly rented out rooms to overnight guests for the purpose of making money, and thus alleged the victim's injuries were "caused, at least in part, by an offense arising out of [the insured's] business."[35]
Finally, the court rejected the insurer's argument that an exclusion for "'[p]ersonal ... injury' arising out of a criminal act committed by or at the direction of the insured" was applicable, because the motel and its employees allegedly violated only a civil provision of the Trafficking Victims Protection Reauthorization Act of 2003 according to the underlying complaint.[36]
As illustrated above, human trafficking claims can implicate multiple coverage provisions and exclusions, such that careful examination of the interplay of the claims, insuring agreements, and exclusions is key to a successful insurance recovery.
Conclusion
As part of a robust risk management program, hospitality companies should examine existing insurance policies and assess their individual risk of exposure to wage and hour claims, BIPA and other privacy claims, and human trafficking claims.
Analysis of potentially applicable exclusions and other limitations in those insurance policies — as well as proactive actions to secure appropriate coverage enhancements or endorsements, and preparation for potential coverage challenges by insurers — will maximize the likelihood of insurance recoveries for such claims.
Wage and Hour Claims
Wage and hour claims pose a high risk to hospitality companies, with companies facing investigation and litigation as a result of alleged violations of state and federal wage and hour laws, including failure to pay overtime, failure to provide meal and rest breaks as required, and misclassification of employees as independent contractors, to name a few.
Hotels and motels, as well as food services, are two low-wage, high-violation industries designated by the U.S. Department of Labor's Wage and Hour Division.
In the 2022 fiscal year, the WHD brought over 4,000 enforcement actions against employers in those industries, recovering over $30 million in back wages for over 25,000 employees.[1]
In 2023, wage and hour lawsuits have been filed against hotels around the country — with several dozen cases filed in federal courts alone alleging various violations of state and federal wage and hour laws.
For example, on Feb. 14, non-exempt employees filed a class action complaint against AIL Hospitality Group in the U.S. District Court for the Western District of Pennsylvania, otherwise known as Bordner v. AIL Hospitality LLC, alleging violations of the Fair Labor Standards Act and Pennsylvania state wage and hour laws.[2]
When faced with employment-related litigation, the first place to seek insurance coverage would usually be employment practices liability insurance.
EPLI policies generally cover "those sums the insured becomes legally obligated to pay as damages resulting from a 'wrongful employment act,'" as defined in the relevant policy and provide the opportunity for coverage of the cost of the defense and potential liability in the underlying employment-related litigation.[3]
In other words, EPLI policies could potentially cover both the defense fees and costs and a later settlement or adverse judgment in connection with a covered claim.
Importantly, however, EPLI policies sometimes contain an exclusion related to wage and hour laws.
Although the exclusion might have different names and wordings under specific policies, it generally purports to exclude any claim arising from a "violation of [the employer's] responsibilities or duties required by any ... federal, state or local statutes, rules or regulations, and any rules or regulations promulgated therefor or amendments thereto."[4]
Courts have broadly interpreted the exclusion to bar coverage as to allegations involving violations of the FLSA or similar state and local wage and hour laws and regulations.[5]
Similar limitations are also sometimes found in an EPLI policy's definition of loss — for example, the policy could define loss as excluding "[a]mounts owed under federal, state or local wage and hour laws."[6]
According to the U.S. Court of Appeals for the Seventh Circuit in its 2007 decision in Farmers Automobile Insurance Association v. St. Paul Mercury Insurance Co., the purpose of the wage and hour laws exclusion is to avoid a moral hazard, which, "in its most extreme form, is the temptation of an insured to precipitate the event insured against if the insurance goes beyond merely replacing a loss."[7]
In the context of wage and hour claims, the court said:
In the face of such exclusions, policyholders have tried, with various levels of success, to preserve coverage for wage and hour claims by distinguishing the legal basis of the underlying lawsuit from wage and hour laws.
In Southern California Pizza Co. LLC v. Certain Underwriters at Lloyd's, London, for example, the Court of Appeal of the State of California in 2019 agreed with the insured's argument that certain sections of the California Labor Code requiring the insured — the owner of hundreds of restaurants — to reimburse delivery drivers for mileage expenses and cell phone expenses, were not wage and hour laws covered under an exclusion in the EPLI policy at issue.
Therefore, the exclusion did not apply to the underlying litigation based on those sections.[9]
Specifically, the Fourth Appellate District reasoned that "[n]either [section] mentions wages or hours, nor do they appear in the parts of the Labor Code titled 'compensation' or 'working hours,'" and that "[d]isbursements for losses and work-related expenditures are not payments made in exchange for labor or services."[10]
To manage the risk associated with wage and hour claims and avoid potential insurance coverage limitations, hospitality companies can purchase a stand-alone or dedicated wage and hour policy or negotiate to obtain a wage and hour enhancement endorsement to an existing EPLI policy.
This may be especially important for large companies with a high number of non-exempt employees and a higher risk of being the target of employment-related putative class actions.
Notably, however, the stand-alone wage and hour liability policies covering both defense and indemnity often come with high premiums, and less expensive add-ons or endorsements to existing EPLI policies are more limited in scope, usually covering only the cost of the defense.[11]
BIPA and Privacy Claims
Hospitality companies also face increasing risk as a result of privacy lawsuits brought by their employees — especially those based on emerging state biometric privacy laws, such as the Illinois Biometric Information Privacy Act — that are increasingly active.
In February, the Supreme Court of the State of Illinois issued two major decisions in BIPA cases: Tims v. Black Horse Carriers Inc. and Cothron v. White Castle System Inc.
Both cases involve class actions brought by employees against their employers based on the practice of scanning employees' fingerprints — which is considered a type of biometric identifier or information under BIPA — for timekeeping authentication purposes.[12]
The plaintiffs in those cases alleged the practice violated BIPA's prohibition against collection of individual biometrics without prior notice and consent, among others.[13]
These recent cases are among many lawsuits filed in recent years against employers — including those in the hospitality industry — that commonly use fingerprint scanning for authentication and/or timekeeping purposes.[14]
BIPA lawsuits will continue to grow, as the statute of limitations for BIPA claims is five years, as opposed to one year, and a separate claim accrues under the statute each time a private entity scans or transmits an individual's biometric identifier or information — allowing a longer period of time for plaintiffs to file lawsuits, as well as exposing employers to multiple violations and resulting damages for one, albeit continuing, practice.[15]
Insurance policies that could potentially provide coverage in response to BIPA and similar privacy-based lawsuits include EPLI policies, directors and officers liability policies, commercial general liability policies, and even cyber liability policies.
However, insurers have aggressively challenged coverage for BIPA lawsuits in recent years, and in the last six months alone, at least three federal district courts in Illinois have decided insurance coverage disputes over underlying BIPA litigation.
Interestingly, the decisions are somewhat inconsistent in interpreting similar policies and exclusions therein.
Thermoflex
In Thermoflex Waukegan LLC v. Mitsui Sumitomo Insurance USA Inc., an employer was sued in an underlying putative class action for alleged violation of BIPA by requiring hourly workers to scan their handprints for timekeeping purposes, transmitting the data to a third party without authorization, and failing to provide a company policy identifying its retention schedule or procedures for obtaining employees' consent and release.[16]
The employer sued its insurer for failing to defend the underlying BIPA litigation under a series of CGL policies as well as excess and umbrella insurance policies.[17]
The U.S. District Court for the Northern District of Illinois first held in its January decision that the access or disclosure of confidential or personal information exclusion in the CGL policies barred coverage, and then held that there was no coverage under the excess policies either as those policies required coverage in the underlying CGL policies in the first instance.[18]
As for the umbrella policies — which provided coverage for damages the employer became legally obligated to pay for personal and advertising injury in excess of its self-insured retention or other insurance coverage — the court held that the statutory violation exclusion, the data breach exclusion, and employment-related practices exclusion did not apply because they were all ambiguous, and under the common insurance law doctrine of interpreting ambiguous policy provisions in favor of coverage, they should be interpreted as inapplicable to the BIPA lawsuit.[19]
Fruit Fusion
Fruit Fusion Inc. is an Illinois corporation that operates ice cream and frozen yogurt shops and was named — in State Auto Property & Casualty Insurance Co. v. Fruit Fusion Inc. — as a defendant in an underlying putative class action filed by its employees for alleged violations of BIPA based on its requirement that employees scan their fingerprints to clock in and out.[20]
Fruit Fusion's insurer filed a complaint seeking a declaratory judgment that it owed no duty to defend under the CGL insurance policies it had issued to Fruit Fusion.[21]
The U.S. District Court for the Southern District of Illinois held on Sept. 30, 2022, that the personal and advertising injury provision in the CGL policies, which covers injury arising out of "[o]ral or written publication, in any manner of material that violates a person's right of privacy," was applicable based on the allegations in the underlying complaint, but the data compromise plus endorsement in the policies was not.[22]
As in Thermoflex, the court also held in Fruit Fusion that the employment-related practices exclusion did not apply to bar coverage; however, contrary to Thermoflex, the court in Fruit Fusion held that the recording and distribution of material or information in violation of law exclusion — an exclusion with wording similar to the statutory violation exclusion in Thermoflex — applied to exclude coverage for the underlying BIPA lawsuit.[23]
Cheese Merchants
Employees of Cheese Merchants of America LLC, a cheese processing and packing company in Cook County, Illinois, filed a putative class action against their employer in Continental Wester Insurance Co. v. Cheese Merchants of America LLC, alleging violation of BIPA based on Cheese Merchants' use of a biometric time-tracking system that scans the backs of employees' hands for authentication.[24]
Cheese Merchants' insurer sought a declaratory judgment that it had no duty to defend the underlying BIPA lawsuit under the CGL and umbrella coverage in its insurance policies, arguing that coverage was barred by three exclusions.[25]
In line with the Fruit Fusion decision, the Northern District of Illinois held in March in the Cheese Merchants case that the employment-related practices exclusion did not preclude coverage for the underlying lawsuit, but the recording and distribution of material or information in violation of law exclusion did apply to exclude coverage.[26]
In addition, the court also held that an exclusion that concerns access to or disclosure of confidential or personal information was also applicable to bar coverage.[27]
Hospitality companies facing, or at risk of facing, BIPA and other privacy-based lawsuits should examine their existing insurance policies carefully, especially the exclusions noted above — which are often cited by insurers in support of coverage denials.
In addition, recent BIPA decisions — such as Cothron — may very well have implications for the number of occurrences or claims recognized by a particular insurance policy, and correspondingly, the retention(s) paid by the policyholder.
Human Trafficking Claims
In addition to the litigation risks associated with wage and hour claims and BIPA and other privacy claims, hospitality companies continue to experience lawsuits alleging violation of human trafficking and related laws at the policyholder's property.
In such lawsuits, plaintiffs allege that hotel employees failed to interfere or prevent the harm and that the hotel financially benefited from the harm.
Insurance policies that may cover human trafficking claims include CGL policies and errors and omissions liability polices.
CGL policies typically provide coverage for damages the insured becomes legally obligated to pay arising from bodily injury or property damage that occurred on the insured property. Errors and omissions policies usually apply to damages the insured becomes legally obligated to pay arising out of an alleged wrongful act — often defined as a negligent act, error or omission — by the policyholder within the scope of professional services provided by that policyholder.
In attempting to avoid coverage for human trafficking claims, insurers often seek an early declaratory judgment that there is no duty to defend or indemnify such claims.
For example, on Feb. 7, in Mesa Underwriters Specialty Insurance Co. v. Moda Invest Ltd. d/b/a W. Inn Motel — in the U.S. District Court for the Southern District of Texas — an insurer filed a complaint for a judicial declaration that it did not have a duty to defend or indemnify an underlying lawsuit against a motel owned by the insured where human trafficking allegedly occurred, citing the abuse or molestation exclusion, the human trafficking exclusion, as well as the abuse or battery exclusion to bar coverage, among other grounds.[28]
A recent U.S. Court of Appeals for the Third Circuit decision indicates that, even without an explicit human trafficking exclusion, coverage for underlying lawsuits asserting human trafficking or related claims could be barred by a more common assault or battery exclusion.
In 2018's Nautilus Insurance Co. v. Motel Management Services Inc., — in the U.S. District Court for the Eastern District of Pennsylvania — the insured motel appealed the trial court's decision that the hotel's CGL policy's assault or battery exclusion barred coverage over an underlying lawsuit where three women alleged that the motel permitted them to be trafficked for commercial sex on its premises.[29]
In affirming the district court's decision, the Third Circuit held that, under applicable Pennsylvania law, the assault or battery exclusion unambiguously applied to the underlying lawsuit because:
[s]elling the women for sex under these circumstances qualified as assault because it placed them in imminent apprehension of a harmful or offensive bodily contact [and that] [s]imilarly, the allegations in each of the complaints suffice for battery: by using force and drugs to compel the women's participation in the sex trade, the traffickers subjected the women to harmful or offensive bodily contact without their consent.[30]
The Third Circuit also rejected the motel's argument that human trafficking may occur without violence, and thus allegations of sex trafficking alone cannot establish an assault or battery — reasoning that the four-corners rule of insurance contract interpretation "does not involve an abstract elemental comparison akin to the categorical approach; instead, it assesses whether the particular factual allegations in a specific case fall within the precise terms of an insurance policy."[31]
The Third Circuit further rejected the motel's argument that the victims consented to their role in the sex trade, reasoning that:
the underlying allegations of modern-day slavery — facilitated by forced drug use, violent criminal aggression, physical injuries, and a climate of fear and anxiety — eliminate any possibility that the women voluntarily and intelligently agreed to the conditions of their own trafficking.[32]
Insured motels and hotels may fare better under other applicable insurance policy provisions.
For example, in 2019's Ricchio v. Bijal Inc., Peerless Indemnity Insurance Co. intervened in the underlying human trafficking lawsuit against a motel owner and two of its employees and sought a declaration that it had no duty to defend or indemnify the underlying lawsuit under its CGL policy and an umbrella policy.[33]
The U.S. District Court for the District of Massachusetts first held that to the extent the victim's injuries arose out of false imprisonment it would trigger an exclusion in one section of the policy that barred coverage over bodily injuries arising out of personal injury, which was in turn defined to include injury arising out of "[f]alse arrest, detention or imprisonment."[34]
However, the court held that another section of the insurance policy that provided coverage for "'personal … injury' caused by an offense arising out of [the insured's] business" was applicable here because the underlying complaint alleged the motel and its employees regularly rented out rooms to overnight guests for the purpose of making money, and thus alleged the victim's injuries were "caused, at least in part, by an offense arising out of [the insured's] business."[35]
Finally, the court rejected the insurer's argument that an exclusion for "'[p]ersonal ... injury' arising out of a criminal act committed by or at the direction of the insured" was applicable, because the motel and its employees allegedly violated only a civil provision of the Trafficking Victims Protection Reauthorization Act of 2003 according to the underlying complaint.[36]
As illustrated above, human trafficking claims can implicate multiple coverage provisions and exclusions, such that careful examination of the interplay of the claims, insuring agreements, and exclusions is key to a successful insurance recovery.
Conclusion
As part of a robust risk management program, hospitality companies should examine existing insurance policies and assess their individual risk of exposure to wage and hour claims, BIPA and other privacy claims, and human trafficking claims.
Analysis of potentially applicable exclusions and other limitations in those insurance policies — as well as proactive actions to secure appropriate coverage enhancements or endorsements, and preparation for potential coverage challenges by insurers — will maximize the likelihood of insurance recoveries for such claims.
Related Attorneys
Related Capabilities
Related Locations
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
This article was originally published in Law360 on April 10, 2023.
Businesses in the hospitality industry face significant litigation risks arising out of employment-related claims. This article highlights three areas of employment-related litigation risks facing hospitality companies: wage and hour claims, the Illinois Biometric Information Privacy Act and other privacy actions based on collection of employees' biometric information, and human trafficking claims. A common tool available to manage risk in each of these areas is insurance. The authors identify and discuss potential insurance coverage disputes common to these risk areas through examination of recent case law.
Wage and Hour Claims
Wage and hour claims pose a high risk to hospitality companies, with companies facing investigation and litigation as a result of alleged violations of state and federal wage and hour laws, including failure to pay overtime, failure to provide meal and rest breaks as required, and misclassification of employees as independent contractors, to name a few.
Hotels and motels, as well as food services, are two low-wage, high-violation industries designated by the U.S. Department of Labor's Wage and Hour Division.
In the 2022 fiscal year, the WHD brought over 4,000 enforcement actions against employers in those industries, recovering over $30 million in back wages for over 25,000 employees.[1]
In 2023, wage and hour lawsuits have been filed against hotels around the country — with several dozen cases filed in federal courts alone alleging various violations of state and federal wage and hour laws.
For example, on Feb. 14, non-exempt employees filed a class action complaint against AIL Hospitality Group in the U.S. District Court for the Western District of Pennsylvania, otherwise known as Bordner v. AIL Hospitality LLC, alleging violations of the Fair Labor Standards Act and Pennsylvania state wage and hour laws.[2]
When faced with employment-related litigation, the first place to seek insurance coverage would usually be employment practices liability insurance.
EPLI policies generally cover "those sums the insured becomes legally obligated to pay as damages resulting from a 'wrongful employment act,'" as defined in the relevant policy and provide the opportunity for coverage of the cost of the defense and potential liability in the underlying employment-related litigation.[3]
In other words, EPLI policies could potentially cover both the defense fees and costs and a later settlement or adverse judgment in connection with a covered claim.
Importantly, however, EPLI policies sometimes contain an exclusion related to wage and hour laws.
Although the exclusion might have different names and wordings under specific policies, it generally purports to exclude any claim arising from a "violation of [the employer's] responsibilities or duties required by any ... federal, state or local statutes, rules or regulations, and any rules or regulations promulgated therefor or amendments thereto."[4]
Courts have broadly interpreted the exclusion to bar coverage as to allegations involving violations of the FLSA or similar state and local wage and hour laws and regulations.[5]
Similar limitations are also sometimes found in an EPLI policy's definition of loss — for example, the policy could define loss as excluding "[a]mounts owed under federal, state or local wage and hour laws."[6]
According to the U.S. Court of Appeals for the Seventh Circuit in its 2007 decision in Farmers Automobile Insurance Association v. St. Paul Mercury Insurance Co., the purpose of the wage and hour laws exclusion is to avoid a moral hazard, which, "in its most extreme form, is the temptation of an insured to precipitate the event insured against if the insurance goes beyond merely replacing a loss."[7]
In the context of wage and hour claims, the court said:
In the face of such exclusions, policyholders have tried, with various levels of success, to preserve coverage for wage and hour claims by distinguishing the legal basis of the underlying lawsuit from wage and hour laws.
In Southern California Pizza Co. LLC v. Certain Underwriters at Lloyd's, London, for example, the Court of Appeal of the State of California in 2019 agreed with the insured's argument that certain sections of the California Labor Code requiring the insured — the owner of hundreds of restaurants — to reimburse delivery drivers for mileage expenses and cell phone expenses, were not wage and hour laws covered under an exclusion in the EPLI policy at issue.
Therefore, the exclusion did not apply to the underlying litigation based on those sections.[9]
Specifically, the Fourth Appellate District reasoned that "[n]either [section] mentions wages or hours, nor do they appear in the parts of the Labor Code titled 'compensation' or 'working hours,'" and that "[d]isbursements for losses and work-related expenditures are not payments made in exchange for labor or services."[10]
To manage the risk associated with wage and hour claims and avoid potential insurance coverage limitations, hospitality companies can purchase a stand-alone or dedicated wage and hour policy or negotiate to obtain a wage and hour enhancement endorsement to an existing EPLI policy.
This may be especially important for large companies with a high number of non-exempt employees and a higher risk of being the target of employment-related putative class actions.
Notably, however, the stand-alone wage and hour liability policies covering both defense and indemnity often come with high premiums, and less expensive add-ons or endorsements to existing EPLI policies are more limited in scope, usually covering only the cost of the defense.[11]
BIPA and Privacy Claims
Hospitality companies also face increasing risk as a result of privacy lawsuits brought by their employees — especially those based on emerging state biometric privacy laws, such as the Illinois Biometric Information Privacy Act — that are increasingly active.
In February, the Supreme Court of the State of Illinois issued two major decisions in BIPA cases: Tims v. Black Horse Carriers Inc. and Cothron v. White Castle System Inc.
Both cases involve class actions brought by employees against their employers based on the practice of scanning employees' fingerprints — which is considered a type of biometric identifier or information under BIPA — for timekeeping authentication purposes.[12]
The plaintiffs in those cases alleged the practice violated BIPA's prohibition against collection of individual biometrics without prior notice and consent, among others.[13]
These recent cases are among many lawsuits filed in recent years against employers — including those in the hospitality industry — that commonly use fingerprint scanning for authentication and/or timekeeping purposes.[14]
BIPA lawsuits will continue to grow, as the statute of limitations for BIPA claims is five years, as opposed to one year, and a separate claim accrues under the statute each time a private entity scans or transmits an individual's biometric identifier or information — allowing a longer period of time for plaintiffs to file lawsuits, as well as exposing employers to multiple violations and resulting damages for one, albeit continuing, practice.[15]
Insurance policies that could potentially provide coverage in response to BIPA and similar privacy-based lawsuits include EPLI policies, directors and officers liability policies, commercial general liability policies, and even cyber liability policies.
However, insurers have aggressively challenged coverage for BIPA lawsuits in recent years, and in the last six months alone, at least three federal district courts in Illinois have decided insurance coverage disputes over underlying BIPA litigation.
Interestingly, the decisions are somewhat inconsistent in interpreting similar policies and exclusions therein.
Thermoflex
In Thermoflex Waukegan LLC v. Mitsui Sumitomo Insurance USA Inc., an employer was sued in an underlying putative class action for alleged violation of BIPA by requiring hourly workers to scan their handprints for timekeeping purposes, transmitting the data to a third party without authorization, and failing to provide a company policy identifying its retention schedule or procedures for obtaining employees' consent and release.[16]
The employer sued its insurer for failing to defend the underlying BIPA litigation under a series of CGL policies as well as excess and umbrella insurance policies.[17]
The U.S. District Court for the Northern District of Illinois first held in its January decision that the access or disclosure of confidential or personal information exclusion in the CGL policies barred coverage, and then held that there was no coverage under the excess policies either as those policies required coverage in the underlying CGL policies in the first instance.[18]
As for the umbrella policies — which provided coverage for damages the employer became legally obligated to pay for personal and advertising injury in excess of its self-insured retention or other insurance coverage — the court held that the statutory violation exclusion, the data breach exclusion, and employment-related practices exclusion did not apply because they were all ambiguous, and under the common insurance law doctrine of interpreting ambiguous policy provisions in favor of coverage, they should be interpreted as inapplicable to the BIPA lawsuit.[19]
Fruit Fusion
Fruit Fusion Inc. is an Illinois corporation that operates ice cream and frozen yogurt shops and was named — in State Auto Property & Casualty Insurance Co. v. Fruit Fusion Inc. — as a defendant in an underlying putative class action filed by its employees for alleged violations of BIPA based on its requirement that employees scan their fingerprints to clock in and out.[20]
Fruit Fusion's insurer filed a complaint seeking a declaratory judgment that it owed no duty to defend under the CGL insurance policies it had issued to Fruit Fusion.[21]
The U.S. District Court for the Southern District of Illinois held on Sept. 30, 2022, that the personal and advertising injury provision in the CGL policies, which covers injury arising out of "[o]ral or written publication, in any manner of material that violates a person's right of privacy," was applicable based on the allegations in the underlying complaint, but the data compromise plus endorsement in the policies was not.[22]
As in Thermoflex, the court also held in Fruit Fusion that the employment-related practices exclusion did not apply to bar coverage; however, contrary to Thermoflex, the court in Fruit Fusion held that the recording and distribution of material or information in violation of law exclusion — an exclusion with wording similar to the statutory violation exclusion in Thermoflex — applied to exclude coverage for the underlying BIPA lawsuit.[23]
Cheese Merchants
Employees of Cheese Merchants of America LLC, a cheese processing and packing company in Cook County, Illinois, filed a putative class action against their employer in Continental Wester Insurance Co. v. Cheese Merchants of America LLC, alleging violation of BIPA based on Cheese Merchants' use of a biometric time-tracking system that scans the backs of employees' hands for authentication.[24]
Cheese Merchants' insurer sought a declaratory judgment that it had no duty to defend the underlying BIPA lawsuit under the CGL and umbrella coverage in its insurance policies, arguing that coverage was barred by three exclusions.[25]
In line with the Fruit Fusion decision, the Northern District of Illinois held in March in the Cheese Merchants case that the employment-related practices exclusion did not preclude coverage for the underlying lawsuit, but the recording and distribution of material or information in violation of law exclusion did apply to exclude coverage.[26]
In addition, the court also held that an exclusion that concerns access to or disclosure of confidential or personal information was also applicable to bar coverage.[27]
Hospitality companies facing, or at risk of facing, BIPA and other privacy-based lawsuits should examine their existing insurance policies carefully, especially the exclusions noted above — which are often cited by insurers in support of coverage denials.
In addition, recent BIPA decisions — such as Cothron — may very well have implications for the number of occurrences or claims recognized by a particular insurance policy, and correspondingly, the retention(s) paid by the policyholder.
Human Trafficking Claims
In addition to the litigation risks associated with wage and hour claims and BIPA and other privacy claims, hospitality companies continue to experience lawsuits alleging violation of human trafficking and related laws at the policyholder's property.
In such lawsuits, plaintiffs allege that hotel employees failed to interfere or prevent the harm and that the hotel financially benefited from the harm.
Insurance policies that may cover human trafficking claims include CGL policies and errors and omissions liability polices.
CGL policies typically provide coverage for damages the insured becomes legally obligated to pay arising from bodily injury or property damage that occurred on the insured property. Errors and omissions policies usually apply to damages the insured becomes legally obligated to pay arising out of an alleged wrongful act — often defined as a negligent act, error or omission — by the policyholder within the scope of professional services provided by that policyholder.
In attempting to avoid coverage for human trafficking claims, insurers often seek an early declaratory judgment that there is no duty to defend or indemnify such claims.
For example, on Feb. 7, in Mesa Underwriters Specialty Insurance Co. v. Moda Invest Ltd. d/b/a W. Inn Motel — in the U.S. District Court for the Southern District of Texas — an insurer filed a complaint for a judicial declaration that it did not have a duty to defend or indemnify an underlying lawsuit against a motel owned by the insured where human trafficking allegedly occurred, citing the abuse or molestation exclusion, the human trafficking exclusion, as well as the abuse or battery exclusion to bar coverage, among other grounds.[28]
A recent U.S. Court of Appeals for the Third Circuit decision indicates that, even without an explicit human trafficking exclusion, coverage for underlying lawsuits asserting human trafficking or related claims could be barred by a more common assault or battery exclusion.
In 2018's Nautilus Insurance Co. v. Motel Management Services Inc., — in the U.S. District Court for the Eastern District of Pennsylvania — the insured motel appealed the trial court's decision that the hotel's CGL policy's assault or battery exclusion barred coverage over an underlying lawsuit where three women alleged that the motel permitted them to be trafficked for commercial sex on its premises.[29]
In affirming the district court's decision, the Third Circuit held that, under applicable Pennsylvania law, the assault or battery exclusion unambiguously applied to the underlying lawsuit because:
[s]elling the women for sex under these circumstances qualified as assault because it placed them in imminent apprehension of a harmful or offensive bodily contact [and that] [s]imilarly, the allegations in each of the complaints suffice for battery: by using force and drugs to compel the women's participation in the sex trade, the traffickers subjected the women to harmful or offensive bodily contact without their consent.[30]
The Third Circuit also rejected the motel's argument that human trafficking may occur without violence, and thus allegations of sex trafficking alone cannot establish an assault or battery — reasoning that the four-corners rule of insurance contract interpretation "does not involve an abstract elemental comparison akin to the categorical approach; instead, it assesses whether the particular factual allegations in a specific case fall within the precise terms of an insurance policy."[31]
The Third Circuit further rejected the motel's argument that the victims consented to their role in the sex trade, reasoning that:
the underlying allegations of modern-day slavery — facilitated by forced drug use, violent criminal aggression, physical injuries, and a climate of fear and anxiety — eliminate any possibility that the women voluntarily and intelligently agreed to the conditions of their own trafficking.[32]
Insured motels and hotels may fare better under other applicable insurance policy provisions.
For example, in 2019's Ricchio v. Bijal Inc., Peerless Indemnity Insurance Co. intervened in the underlying human trafficking lawsuit against a motel owner and two of its employees and sought a declaration that it had no duty to defend or indemnify the underlying lawsuit under its CGL policy and an umbrella policy.[33]
The U.S. District Court for the District of Massachusetts first held that to the extent the victim's injuries arose out of false imprisonment it would trigger an exclusion in one section of the policy that barred coverage over bodily injuries arising out of personal injury, which was in turn defined to include injury arising out of "[f]alse arrest, detention or imprisonment."[34]
However, the court held that another section of the insurance policy that provided coverage for "'personal … injury' caused by an offense arising out of [the insured's] business" was applicable here because the underlying complaint alleged the motel and its employees regularly rented out rooms to overnight guests for the purpose of making money, and thus alleged the victim's injuries were "caused, at least in part, by an offense arising out of [the insured's] business."[35]
Finally, the court rejected the insurer's argument that an exclusion for "'[p]ersonal ... injury' arising out of a criminal act committed by or at the direction of the insured" was applicable, because the motel and its employees allegedly violated only a civil provision of the Trafficking Victims Protection Reauthorization Act of 2003 according to the underlying complaint.[36]
As illustrated above, human trafficking claims can implicate multiple coverage provisions and exclusions, such that careful examination of the interplay of the claims, insuring agreements, and exclusions is key to a successful insurance recovery.
Conclusion
As part of a robust risk management program, hospitality companies should examine existing insurance policies and assess their individual risk of exposure to wage and hour claims, BIPA and other privacy claims, and human trafficking claims.
Analysis of potentially applicable exclusions and other limitations in those insurance policies — as well as proactive actions to secure appropriate coverage enhancements or endorsements, and preparation for potential coverage challenges by insurers — will maximize the likelihood of insurance recoveries for such claims.
Wage and Hour Claims
Wage and hour claims pose a high risk to hospitality companies, with companies facing investigation and litigation as a result of alleged violations of state and federal wage and hour laws, including failure to pay overtime, failure to provide meal and rest breaks as required, and misclassification of employees as independent contractors, to name a few.
Hotels and motels, as well as food services, are two low-wage, high-violation industries designated by the U.S. Department of Labor's Wage and Hour Division.
In the 2022 fiscal year, the WHD brought over 4,000 enforcement actions against employers in those industries, recovering over $30 million in back wages for over 25,000 employees.[1]
In 2023, wage and hour lawsuits have been filed against hotels around the country — with several dozen cases filed in federal courts alone alleging various violations of state and federal wage and hour laws.
For example, on Feb. 14, non-exempt employees filed a class action complaint against AIL Hospitality Group in the U.S. District Court for the Western District of Pennsylvania, otherwise known as Bordner v. AIL Hospitality LLC, alleging violations of the Fair Labor Standards Act and Pennsylvania state wage and hour laws.[2]
When faced with employment-related litigation, the first place to seek insurance coverage would usually be employment practices liability insurance.
EPLI policies generally cover "those sums the insured becomes legally obligated to pay as damages resulting from a 'wrongful employment act,'" as defined in the relevant policy and provide the opportunity for coverage of the cost of the defense and potential liability in the underlying employment-related litigation.[3]
In other words, EPLI policies could potentially cover both the defense fees and costs and a later settlement or adverse judgment in connection with a covered claim.
Importantly, however, EPLI policies sometimes contain an exclusion related to wage and hour laws.
Although the exclusion might have different names and wordings under specific policies, it generally purports to exclude any claim arising from a "violation of [the employer's] responsibilities or duties required by any ... federal, state or local statutes, rules or regulations, and any rules or regulations promulgated therefor or amendments thereto."[4]
Courts have broadly interpreted the exclusion to bar coverage as to allegations involving violations of the FLSA or similar state and local wage and hour laws and regulations.[5]
Similar limitations are also sometimes found in an EPLI policy's definition of loss — for example, the policy could define loss as excluding "[a]mounts owed under federal, state or local wage and hour laws."[6]
According to the U.S. Court of Appeals for the Seventh Circuit in its 2007 decision in Farmers Automobile Insurance Association v. St. Paul Mercury Insurance Co., the purpose of the wage and hour laws exclusion is to avoid a moral hazard, which, "in its most extreme form, is the temptation of an insured to precipitate the event insured against if the insurance goes beyond merely replacing a loss."[7]
In the context of wage and hour claims, the court said:
In the face of such exclusions, policyholders have tried, with various levels of success, to preserve coverage for wage and hour claims by distinguishing the legal basis of the underlying lawsuit from wage and hour laws.
In Southern California Pizza Co. LLC v. Certain Underwriters at Lloyd's, London, for example, the Court of Appeal of the State of California in 2019 agreed with the insured's argument that certain sections of the California Labor Code requiring the insured — the owner of hundreds of restaurants — to reimburse delivery drivers for mileage expenses and cell phone expenses, were not wage and hour laws covered under an exclusion in the EPLI policy at issue.
Therefore, the exclusion did not apply to the underlying litigation based on those sections.[9]
Specifically, the Fourth Appellate District reasoned that "[n]either [section] mentions wages or hours, nor do they appear in the parts of the Labor Code titled 'compensation' or 'working hours,'" and that "[d]isbursements for losses and work-related expenditures are not payments made in exchange for labor or services."[10]
To manage the risk associated with wage and hour claims and avoid potential insurance coverage limitations, hospitality companies can purchase a stand-alone or dedicated wage and hour policy or negotiate to obtain a wage and hour enhancement endorsement to an existing EPLI policy.
This may be especially important for large companies with a high number of non-exempt employees and a higher risk of being the target of employment-related putative class actions.
Notably, however, the stand-alone wage and hour liability policies covering both defense and indemnity often come with high premiums, and less expensive add-ons or endorsements to existing EPLI policies are more limited in scope, usually covering only the cost of the defense.[11]
BIPA and Privacy Claims
Hospitality companies also face increasing risk as a result of privacy lawsuits brought by their employees — especially those based on emerging state biometric privacy laws, such as the Illinois Biometric Information Privacy Act — that are increasingly active.
In February, the Supreme Court of the State of Illinois issued two major decisions in BIPA cases: Tims v. Black Horse Carriers Inc. and Cothron v. White Castle System Inc.
Both cases involve class actions brought by employees against their employers based on the practice of scanning employees' fingerprints — which is considered a type of biometric identifier or information under BIPA — for timekeeping authentication purposes.[12]
The plaintiffs in those cases alleged the practice violated BIPA's prohibition against collection of individual biometrics without prior notice and consent, among others.[13]
These recent cases are among many lawsuits filed in recent years against employers — including those in the hospitality industry — that commonly use fingerprint scanning for authentication and/or timekeeping purposes.[14]
BIPA lawsuits will continue to grow, as the statute of limitations for BIPA claims is five years, as opposed to one year, and a separate claim accrues under the statute each time a private entity scans or transmits an individual's biometric identifier or information — allowing a longer period of time for plaintiffs to file lawsuits, as well as exposing employers to multiple violations and resulting damages for one, albeit continuing, practice.[15]
Insurance policies that could potentially provide coverage in response to BIPA and similar privacy-based lawsuits include EPLI policies, directors and officers liability policies, commercial general liability policies, and even cyber liability policies.
However, insurers have aggressively challenged coverage for BIPA lawsuits in recent years, and in the last six months alone, at least three federal district courts in Illinois have decided insurance coverage disputes over underlying BIPA litigation.
Interestingly, the decisions are somewhat inconsistent in interpreting similar policies and exclusions therein.
Thermoflex
In Thermoflex Waukegan LLC v. Mitsui Sumitomo Insurance USA Inc., an employer was sued in an underlying putative class action for alleged violation of BIPA by requiring hourly workers to scan their handprints for timekeeping purposes, transmitting the data to a third party without authorization, and failing to provide a company policy identifying its retention schedule or procedures for obtaining employees' consent and release.[16]
The employer sued its insurer for failing to defend the underlying BIPA litigation under a series of CGL policies as well as excess and umbrella insurance policies.[17]
The U.S. District Court for the Northern District of Illinois first held in its January decision that the access or disclosure of confidential or personal information exclusion in the CGL policies barred coverage, and then held that there was no coverage under the excess policies either as those policies required coverage in the underlying CGL policies in the first instance.[18]
As for the umbrella policies — which provided coverage for damages the employer became legally obligated to pay for personal and advertising injury in excess of its self-insured retention or other insurance coverage — the court held that the statutory violation exclusion, the data breach exclusion, and employment-related practices exclusion did not apply because they were all ambiguous, and under the common insurance law doctrine of interpreting ambiguous policy provisions in favor of coverage, they should be interpreted as inapplicable to the BIPA lawsuit.[19]
Fruit Fusion
Fruit Fusion Inc. is an Illinois corporation that operates ice cream and frozen yogurt shops and was named — in State Auto Property & Casualty Insurance Co. v. Fruit Fusion Inc. — as a defendant in an underlying putative class action filed by its employees for alleged violations of BIPA based on its requirement that employees scan their fingerprints to clock in and out.[20]
Fruit Fusion's insurer filed a complaint seeking a declaratory judgment that it owed no duty to defend under the CGL insurance policies it had issued to Fruit Fusion.[21]
The U.S. District Court for the Southern District of Illinois held on Sept. 30, 2022, that the personal and advertising injury provision in the CGL policies, which covers injury arising out of "[o]ral or written publication, in any manner of material that violates a person's right of privacy," was applicable based on the allegations in the underlying complaint, but the data compromise plus endorsement in the policies was not.[22]
As in Thermoflex, the court also held in Fruit Fusion that the employment-related practices exclusion did not apply to bar coverage; however, contrary to Thermoflex, the court in Fruit Fusion held that the recording and distribution of material or information in violation of law exclusion — an exclusion with wording similar to the statutory violation exclusion in Thermoflex — applied to exclude coverage for the underlying BIPA lawsuit.[23]
Cheese Merchants
Employees of Cheese Merchants of America LLC, a cheese processing and packing company in Cook County, Illinois, filed a putative class action against their employer in Continental Wester Insurance Co. v. Cheese Merchants of America LLC, alleging violation of BIPA based on Cheese Merchants' use of a biometric time-tracking system that scans the backs of employees' hands for authentication.[24]
Cheese Merchants' insurer sought a declaratory judgment that it had no duty to defend the underlying BIPA lawsuit under the CGL and umbrella coverage in its insurance policies, arguing that coverage was barred by three exclusions.[25]
In line with the Fruit Fusion decision, the Northern District of Illinois held in March in the Cheese Merchants case that the employment-related practices exclusion did not preclude coverage for the underlying lawsuit, but the recording and distribution of material or information in violation of law exclusion did apply to exclude coverage.[26]
In addition, the court also held that an exclusion that concerns access to or disclosure of confidential or personal information was also applicable to bar coverage.[27]
Hospitality companies facing, or at risk of facing, BIPA and other privacy-based lawsuits should examine their existing insurance policies carefully, especially the exclusions noted above — which are often cited by insurers in support of coverage denials.
In addition, recent BIPA decisions — such as Cothron — may very well have implications for the number of occurrences or claims recognized by a particular insurance policy, and correspondingly, the retention(s) paid by the policyholder.
Human Trafficking Claims
In addition to the litigation risks associated with wage and hour claims and BIPA and other privacy claims, hospitality companies continue to experience lawsuits alleging violation of human trafficking and related laws at the policyholder's property.
In such lawsuits, plaintiffs allege that hotel employees failed to interfere or prevent the harm and that the hotel financially benefited from the harm.
Insurance policies that may cover human trafficking claims include CGL policies and errors and omissions liability polices.
CGL policies typically provide coverage for damages the insured becomes legally obligated to pay arising from bodily injury or property damage that occurred on the insured property. Errors and omissions policies usually apply to damages the insured becomes legally obligated to pay arising out of an alleged wrongful act — often defined as a negligent act, error or omission — by the policyholder within the scope of professional services provided by that policyholder.
In attempting to avoid coverage for human trafficking claims, insurers often seek an early declaratory judgment that there is no duty to defend or indemnify such claims.
For example, on Feb. 7, in Mesa Underwriters Specialty Insurance Co. v. Moda Invest Ltd. d/b/a W. Inn Motel — in the U.S. District Court for the Southern District of Texas — an insurer filed a complaint for a judicial declaration that it did not have a duty to defend or indemnify an underlying lawsuit against a motel owned by the insured where human trafficking allegedly occurred, citing the abuse or molestation exclusion, the human trafficking exclusion, as well as the abuse or battery exclusion to bar coverage, among other grounds.[28]
A recent U.S. Court of Appeals for the Third Circuit decision indicates that, even without an explicit human trafficking exclusion, coverage for underlying lawsuits asserting human trafficking or related claims could be barred by a more common assault or battery exclusion.
In 2018's Nautilus Insurance Co. v. Motel Management Services Inc., — in the U.S. District Court for the Eastern District of Pennsylvania — the insured motel appealed the trial court's decision that the hotel's CGL policy's assault or battery exclusion barred coverage over an underlying lawsuit where three women alleged that the motel permitted them to be trafficked for commercial sex on its premises.[29]
In affirming the district court's decision, the Third Circuit held that, under applicable Pennsylvania law, the assault or battery exclusion unambiguously applied to the underlying lawsuit because:
[s]elling the women for sex under these circumstances qualified as assault because it placed them in imminent apprehension of a harmful or offensive bodily contact [and that] [s]imilarly, the allegations in each of the complaints suffice for battery: by using force and drugs to compel the women's participation in the sex trade, the traffickers subjected the women to harmful or offensive bodily contact without their consent.[30]
The Third Circuit also rejected the motel's argument that human trafficking may occur without violence, and thus allegations of sex trafficking alone cannot establish an assault or battery — reasoning that the four-corners rule of insurance contract interpretation "does not involve an abstract elemental comparison akin to the categorical approach; instead, it assesses whether the particular factual allegations in a specific case fall within the precise terms of an insurance policy."[31]
The Third Circuit further rejected the motel's argument that the victims consented to their role in the sex trade, reasoning that:
the underlying allegations of modern-day slavery — facilitated by forced drug use, violent criminal aggression, physical injuries, and a climate of fear and anxiety — eliminate any possibility that the women voluntarily and intelligently agreed to the conditions of their own trafficking.[32]
Insured motels and hotels may fare better under other applicable insurance policy provisions.
For example, in 2019's Ricchio v. Bijal Inc., Peerless Indemnity Insurance Co. intervened in the underlying human trafficking lawsuit against a motel owner and two of its employees and sought a declaration that it had no duty to defend or indemnify the underlying lawsuit under its CGL policy and an umbrella policy.[33]
The U.S. District Court for the District of Massachusetts first held that to the extent the victim's injuries arose out of false imprisonment it would trigger an exclusion in one section of the policy that barred coverage over bodily injuries arising out of personal injury, which was in turn defined to include injury arising out of "[f]alse arrest, detention or imprisonment."[34]
However, the court held that another section of the insurance policy that provided coverage for "'personal … injury' caused by an offense arising out of [the insured's] business" was applicable here because the underlying complaint alleged the motel and its employees regularly rented out rooms to overnight guests for the purpose of making money, and thus alleged the victim's injuries were "caused, at least in part, by an offense arising out of [the insured's] business."[35]
Finally, the court rejected the insurer's argument that an exclusion for "'[p]ersonal ... injury' arising out of a criminal act committed by or at the direction of the insured" was applicable, because the motel and its employees allegedly violated only a civil provision of the Trafficking Victims Protection Reauthorization Act of 2003 according to the underlying complaint.[36]
As illustrated above, human trafficking claims can implicate multiple coverage provisions and exclusions, such that careful examination of the interplay of the claims, insuring agreements, and exclusions is key to a successful insurance recovery.
Conclusion
As part of a robust risk management program, hospitality companies should examine existing insurance policies and assess their individual risk of exposure to wage and hour claims, BIPA and other privacy claims, and human trafficking claims.
Analysis of potentially applicable exclusions and other limitations in those insurance policies — as well as proactive actions to secure appropriate coverage enhancements or endorsements, and preparation for potential coverage challenges by insurers — will maximize the likelihood of insurance recoveries for such claims.
Related Attorneys
Related Capabilities
Related Locations
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
News and Insights
Podcasts
Partner Laurel Loomis Rimon Discusses Fintech Enforcement, Debanking, and Regulatory Risk on Fintech Layer Cake Podcast
Partner Laurel Loomis Rimon was featured on the Fintech Layer Cake podcast, where she discussed how fintech enforcement and prosecution actually work in practice, and what exposes fintechs and banks to regulatory risk.
July 15, 2026
Publications
Supreme Court Clarifies Scope of Private Rights of Action Under the Investment Company Act, Private Equity Law Report
Partners Charles Riely, Todd C. Toral, and Martin Glass authored a guest article for Private Equity Law Report examining the US Supreme Court's June 11, 2026, ruling on the scope of private rights of action under the Investment Company Act of 1940.
July 14, 2026
Publications
Emily Loeb Discusses Congressional Oversight Preparedness in Bloomberg Law
Partner Emily Loeb, co-chair of Jenner & Block's Congressional Investigations Practice, spoke with Bloomberg Law article about how companies can prepare for potential oversight exposure ahead of this fall's midterm elections.
July 7, 2026
Publications
In New York Law Journal, The True Lender Doctrine and the OppFi Decision
Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.
July 1, 2026
Event
Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference
On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.
July 1, 2026