(Article from Insurance Law Alert, November 2017)
For more information, please visit the Insurance Law Alert Resource Center.
Our March 2016 Alert reported on an Illinois district court decision denying an insurer’s motion to dismiss a putative class action suit alleging improper handling of policyholders’ personal information. Dolmage v. Combined Ins. Co. of Am., 2016 WL 754731 (N.D. Ill. Feb. 23, 2016). This month, the court granted the insurer’s summary judgment motion, finding that a privacy pledge submitted to insured parties with the insurance policy was not part of the contract. Dolmage v. Combined Ins. Co. of Am., 2017 WL 5178792 (N.D. Ill. Nov. 8, 2017).
The insurer issued disability, health, life and accident policies to the plaintiff and putative class members. When the policies were issued, the insurer sent each enrollee a document entitled “Our Privacy Pledge to You,” along with other materials relating to the policies. The Privacy Pledge describes the insurer’s handling of policyholders’ personal information and states, among other things, that it maintains safeguards that comply with federal regulations to protect personal data.
The insurer retained Enrolltek, a vendor that performs enrollment and other administrative functions, and provided it with enrollees’ personal information. According to the complaint, the personal information was readily accessible online to the general public for several months before the security lapse was discovered. Thereafter, a fraudulent tax return was filed in the plaintiff’s name by an unknown identity thief. Plaintiff filed a putative class action against the insurer, alleging, among other things, a breach of contract claim based on the insurer’s alleged breach of the Privacy Pledge.
Plaintiff alleged that the Privacy Pledge was part of the insurance contract based on the following facts: (1) the policy expressly states that “Policy means this policy with any attached application(s), and any riders and endorsements”; (2) the table of contents for the policy states that “A copy of the application and any riders and endorsements follow page 17”; (3) following page 17 were various documents, including the Privacy Pledge; and (4) some policy materials contained an express disclaimer stating that “THIS IS NOT A PROPOSAL AND IS NOT PART OF THE INSURANCE CONTRACT,” but the Privacy Pledge contains no such disclaimer. The court disagreed and granted the insurer’s summary judgment motion.
Applying Iowa law, the court concluded that the Privacy Pledge was not part of the parties’ agreement. In particular, the court held that the Privacy Pledge did not constitute a “rider or endorsement” to the insurance policy, but rather was “simply a loose document, like the blank forms and brochures, that was included in the fulfillment materials sent to Plaintiff.” In so ruling, the court noted that the insurer had not filed the Privacy Pledge with state insurance regulators, which is the usual and customary practice with respect to riders and endorsements. Additionally, the court explained that the Privacy Pledge does not bear any of the traditional hallmarks of a rider or endorsement, such as a “label” at the top of the page or a signature by an insurance company representative.