INSURANCE-RELATED COURT CASES
Digested from case reports published online
COURT DECISIONS
You violated our privacy!
Mullins Food Products, Inc., an Illinois-based company that manufactured food ingredients, was sued under a state act regarding information privacy. Rather than provide coverage or a legal defense of the suit, its commercial general liability (CGL) insurer, Citizens Insurance Company, denied the claim and filed its own suit.
Citizens’ position was that it did not owe a duty to defend nor cover Mullins, which in response, filed for a declaratory judgement that Citizens was not obligated to respond to their loss (Mullins had already paid a settlement on its own).
A district court found in favor of Citizens and Mullins appealed.
Mullins was sued for violating the privacy of its employees under the Illinois Biometric Information Privacy Act (BIPA). In Mullins’ desire to manage and monitor its employees’ use of time, assist data storage and facilitate payroll, it electronically scanned their fingerprints.
The scanning was done without consent, without a published policy regarding the action, nor any explanation about how the information would be used. Regardless, the scanned information was shared with third parties.
In the suit, three successive annual CGL policies were identified as being relevant to Mullins’ demand for coverage of its legal defense and the damages it paid to settle the loss. Citizens relied on two different policy exclusions to relieve it from having to respond. It argued that the exclusions narrowed protection under the Coverage B section (Personal and Advertising Injury) contained in all three policy periods.
A provision called “Access or Disclosure Exclusion” was not part of the earliest of the three policies. A second provision, called “Statutory Violations Exclusion,” was part of all three policies.

The former provision only made reference to denying personal and advertising injury coverage as a result of providing access to or disclosure of any type of nonpublic (aka private) information. The latter provision denied both direct and indirect personal and advertising injury protection for acts in violation of the Can-Spam Act, the Fair Credit reporting Act, the Telephone Consumer Protection Act as well as any local, state or federal regulations that mandate how information is to be properly handled.
Both courts that heard this matter focused on the applicability of these exclusions to the documented violations. Eventually, the lower court ruled in favor of Citizens, finding that both exclusions acted to bar coverage for Mullins’ privacy violations.
The higher court review was extensive, involving an examination of the lower court’s rationale and research and review of several other cases it found relevant. It also spent time over the exclusionary wording and whether they were so broad that they, effectively, made any personal and advertising injury coverage moot.
In the end, the court determined that the “Statutory Violations Exclusion” did not apply to the transgressions committed by Mullins. However, due to its different language, the “Access or Disclosure Exclusion” did bar coverage.
A further determination was that, as the latter exclusion was not a part of the earliest CGL policy issued to Mullins, Citizens may have an obligation to respond to the lawsuit under that policy. Therefore, the lower court decision was vacated and remanded for handling in light of the higher court’s determination.
Citizens Insurance Co. of America v. Mullins Food Products, Inc.—US Court of Appeals, Seventh Circuit—No. 24-1524—May 2, 2025.