Privacy & Cybersecurity Law Blog

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act, limiting damages, applies retroactively to pending cases.

If recent years have taught insurance practitioners anything, it is that the most consequential coverage disputes rarely turn on novelty alone. In 2025, courts continued to resolve high‑stakes insurance disputes by returning to first principles—examining when claims are related, how losses and occurrences are defined and aggregated, and how policy language allocates risk across time and conduct. D&O coverage and other core insurance law issues again occupied center stage, while decisions in property, cyber, and liability disputes reinforced a familiar theme: policy interpretation remains the decisive factor in determining whether coverage is available in an increasingly complex claims environment. As the decisions discussed below demonstrate, 2025 confirmed that even as risks evolve, coverage disputes remain grounded in careful, policy‑specific analysis.

On September 2, 2025, two class actions were filed in federal district court alleging that defendants digital advertising platforms Xandr, Inc. and Index Exchange, Inc. violated the Electronic Communications Privacy Act by unlawfully intercepting wire communications for the purpose of violating the Department of Justice’s Bulk Data Transfer Rule.

On April 11, 2025, the U.S. Department of Justice issued a compliance guide, FAQs and an Implementation and Enforcement Policy to assist organizations to comply with the DOJ’s final rule implementing Executive Order 14117 (Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern). The guidance comes just days after certain of the final rule’s provisions became effective on April 8, 2025.