State Farm and ISO: Billions in Illicit Profits from Private Information

On behalf of six Plaintiffs and a proposed class, Ed White Law and co-counsel Cain Law Office; Pogust Goodhead, LLC; and Javerbaum Wurgaft Hicks Khan Wikstrom and Sinnis, PC filed suit against State Farm Mutual Automobile Insurance Company (“State Farm”), Verisk Analytics d/b/a ISO CLAIMSEARCH® (“Verisk”) and Insurance Services Office, Inc. (“ISO”) in Middlesex County, New Jersey, Case No. MID‑L‑356‑23.

The complaint, filed on January 20, 2023, alleges that State Farm illegally submitted personal and confidential information about Plaintiffs’ insurance claims, including medical treatment information, to Verisk / ISO for inclusion in an immense database it maintains. By submitting the information to Verisk / ISO, the Complaint alleges that State Farm violated applicable state and federal law. State Farm, along with other insurers, annually submit an estimated two billion records to Verisk / ISO, creating a database of around 30 billion records – over 90 records per American. The confidential data encompasses everything from insurance policy numbers and social security information to medical records and financial information.

State Farm submits the information to Verisk / ISO without giving consumers notice of the submission. In fact, State Farm has even submitted information in direct violation of a court order.

Verisk / ISO’s sells access to its databases without consumer consent and again without notifying consumers that their information has been sold. One small portion of the services offered by Verisk / ISO using information it received improperly include “insurance, banking, finance, construction, real estate, law enforcement, emergency services, government, real estate, and geopolitics.” It is difficult to imagine a field in which Verisk / ISO does not plan to offer its services, which are built on Plaintiffs’ and the class member’s private data it improperly acquired from State Farm and other insurers.

Privacy is the control over knowledge about oneself. The Supreme Court has also recognized a right to privacy in avoiding the disclosure of personal matters and, has recognized an individual’s privacy right in maintaining the confidentiality of the personal and sensitive nature of the information contained in medical records. The public policy regarding a right to privacy in financial and medical information has been codified in The Gramm-Leach-Bliley Act (“GLBA”) and the well-known HIPAA protecting medical information.

The Complaint alleges two different kinds of invasion of privacy – publicity given to private life and intrusion upon seclusion – against all Defendants. Against State Farm, the Complaint also alleges breach of the insurance contract and breach of a fiduciary duty associated with adjusting first-party insurance claims.

Plaintiffs ask the New Jersey Court to certify a class of others similarly situated and to provide injunctive / declaratory relief associated with the improper submission, aggregation, and sale of their data by Verisk / ISO, namely: (1) to enjoin State Farm from improperly submitting any further records to Verisk / ISO, and (2) to order removal of Plaintiffs’ and the Class members’ records from Verisk / ISO’s databases. Certification is also sought for a special determination regarding whether a) State Farm is allowed to transmit Private Information to Verisk / ISO; b) in order to transmit Private Information to Verisk / ISO, State Farm is required to get the consent of the owner of the Private Information; and c) if Verisk / ISO are allowed to keep the Private Information, whether the use of the information by Verisk / ISO is limited in any manner (for example, requiring disclosure and/or payment associated with each use of Private Information).