CHICAGO, Feb. 23 – A Federal Judge in Illinois has allowed a proposed data breach class action case against an insurer to proceed, ruling the insurer’s “Privacy Pledge” could be a part of the insuring agreement.
Dolmage and other employees of Dillard’s Stores purchased coverage from Combined Insurance through her employer between 2011 and 2012. During the course of the application process, Dolmage and other employees were required to provide personal information to Combined. During the process Combined furnished applicant’s with a “Privacy Pledge,” which indicated that personal information obtained in the application process, such as social security numbers, would be safeguarded and protected. The Pledge further stated that Combined would provide information to affiliated companies to assist with the insurance placement process.
Combined engaged Enrolltek to assist with processing and placement of the coverage, and provided Enrollteck with a database of applicants’ information, which Enrolltek copied to an unsecure external hard drive and later maintained on an unsecured website. Dolmage and other employees discovered through Google searches that their personal information from this process was readily available online at the unsecure website operated by Enrolltek.
Dolmage and other class action plaintiffs filed a ten – count complaint in federal court alleging, among other things, breach of contract and breach of fiduciary duty. Following a Rule 12(b)(6) motion filed by Combined, the class action plaintiffs filed an amended complaint alleging only a breach of contract claim, and Combined filed a motion to dismiss, alleging that the complaint failed to state a plausible cause of action against it relating to the “Privacy Pledge” serving as the basis for a breach claim.
Judge Ruben Castillo denied Combined’s dismissal motion, and ruled that the Privacy Pledge, as the Plaintiffs alleged, was part of the insuring agreement between Combined and the Dillard’s employees, despite an integration clause in the policy, presumably preventing the policy from being supplemented. Castillo ruled that at other parts of the policy, Combined did incorporate by reference other extraneous documents, such as applications, riders, and endorsements. The Court also relied on case law and Black’s Law Dictionary to point out that the terms “rider” and “endorsement” were broad, covering many possible amendments to the insuring agreement.
Dolmage v. Combined Insurance Co. of America (N.D. Ill, February 23, 2016)