The Illinois Appellate Court recently issued an opinion in a Biometric Information Privacy Act lawsuit, Remprex v. Certain Underwriters at Lloyd’s London, that raised eyebrows from corporations and insurance companies alike—but for different reasons.

In April, the court found that a cyber insurer, Lloyd’s of London, was obliged to defend its client, technology company Remprex, under its cyber policy. The tech company accrued the BIPA violations when it fingerprinted client BNSF Railway Co.’s employees in a third-party capacity and, allegedly, improperly collected and stored the biometric data, according to a lawsuit, Rogers v. BNSF Ry., in the U.S. District Court for the Northern District of Illinois.