                              Illinois Official Reports

                                      Appellate Court



             Doctors Direct Insurance, Inc. v. Bochenek, 2015 IL App (1st) 142919



Appellate Court          DOCTORS DIRECT INSURANCE, INC., Plaintiff-Appellee, v.
Caption                  DAVID BOCHENEK, Defendant-Appellant (Beaute’E’mergente,
                         LLC, Doing Business as McAdoo Cosmetic Surgery, Defendant).




District & No.           First District, First Division
                         Docket No. 1-14-2919




Filed                    August 3, 2015




Decision Under           Appeal from the Circuit Court of Cook County, No. 13-CH-26258; the
Review                   Hon. Franklin Ulyses Valderrama, Judge, presiding.




Judgment                 Affirmed.




Counsel on               Daniel A. Edelman, Cathleen M. Combs, James O. Latturner, and
Appeal                   Rebecca A. Cohen, all of Edelman, Combs, Latturner & Goodwin,
                         LLC, of Chicago, for appellant.

                         Charles A. Valente and William D. Nagel, both of Krasnow Saunders
                         Kaplan & Beninati, LLP, of Chicago, for appellee.
     Panel                   JUSTICE CONNORS delivered the judgment of the court, with
                             opinion.
                             Presiding Justice Delort and Justice Harris concurred in the judgment
                             and opinion.


                                              OPINION

¶1          Defendant, David Bochenek (Bochenek), appeals from an order of the circuit court that
       granted the motion of plaintiff, Doctors Direct Insurance, Inc. (Doctors Direct), for judgment
       on the pleadings pursuant to section 2-615(e) of the Code of Civil Procedure (Code) (735
       ILCS 5/2-615(e) (West 2012)). The circuit court found that Doctors Direct did not have a
       duty to defend or indemnify defendant Beaute’E’mergente, LLC, doing business as McAdoo
       Cosmetic Surgery (McAdoo), in a federal class action lawsuit filed by Bochenek. On appeal,
       Bochenek contends that McAdoo’s insurance policy with Doctors Direct covers the claims in
       Bochenek’s federal lawsuit. We affirm.
¶2          This matter involves two federal complaints apparently filed by Bochenek–an original
       complaint and a first amended complaint. The two complaints are nearly the same, but the
       first amended complaint added an allegation that will be noted below. In his original federal
       complaint, in which McAdoo and others who are not parties to this appeal were named as
       defendants, Bochenek alleged that in September and October 2013, he received unsolicited
       text messages on his cellular phone. The text messages read as follows:

              “50% off Rockford area Botox,
              now $7/unit. Call within 4
              weeks (815) 397-3373 McAdoo
              Cosmetic Surgery Reply STOP to opt-out.

              25% off filler, Juvederm now
              $450/syringe when you schedule
              in the next 4
              weeks. 815 397-3373 McAdoo
              Cosmetic Surgery Reply STOP to
              opt-out.

              McAdoo Cosmetic Surgery
              815-397-3373:
              Please reply VIP to receive inside
              privileged offers: Botox, fillers,
              product, etc. Reply STOP to opt-
              out.”

                                                   -2-
¶3       Bochenek further alleged in his original federal complaint that McAdoo was “responsible
     for making or causing the making of the text message calls,” Bochenek had not authorized
     the calls, and Bochenek had not provided McAdoo with his cellular phone number.
     According to Bochenek, the text messages came from an email address associated with
     SolutionReach, which was “engaged in the business of marketing and selling electronic
     communication solutions to healthcare practices.” Bochenek stated that on information and
     belief, the text messages were part of a “mass broadcasting.”
¶4       In his original federal complaint, Bochenek asserted that defendants violated the
     Telephone Consumer Protection Act (47 U.S.C. § 227 (2012)). In addition, Bochenek alleged
     that defendants “engaged in unfair acts and practices” that violated section 2 of the Consumer
     Fraud and Deceptive Business Practices Act (the Consumer Fraud Act) (815 ILCS 505/2
     (West 2012)). According to Bochenek, the text message calls were contrary to Illinois public
     policy and public policy as established by the Telephone Consumer Protection Act.
¶5       McAdoo had medical professional liability insurance coverage with Doctors Direct. The
     policy included a cyber claims endorsement, which stated:
              “Subject to all terms, conditions, definitions and exclusions of the Policy, we agree to
              reimburse protected parties, up to the applicable limit indicated in this endorsement,
              for costs protected parties become legally obligated to pay as a result of a Cyber
              Claim for any Network Security Wrongful Act or Privacy Wrongful Act including
              Patient Notification Costs and Credit Monitoring Costs incurred for any Privacy
              Wrongful Act and for Data Recovery Costs incurred due to a Data Interference
              Act, including Defense Costs of a Government Investigation for a Privacy
              Wrongful Act.” (Emphases in original.)
¶6       The endorsement defined a cyber claim as:
              “a demand for money or services as compensation, such as a claim letter, notice of
              attorney’s lien, or a civil suit, administrative proceeding, arbitration or mediation
              seeking to compel such compensation in which protected parties must participate.”
     Additionally, a privacy wrongful act was defined as:
              “any breach or violation of U.S. federal, state, or local statutes and regulations
              associated with the control and use of personally identifiable financial, credit or
              medical information, whether actual or alleged, but only if committed or allegedly
              committed by protected parties.”
¶7       On October 30, 2013, McAdoo notified Doctors Direct of the federal lawsuit and asserted
     that Bochenek’s allegations triggered Doctors Direct’s obligation to defend and indemnify
     McAdoo. McAdoo further stated that coverage was triggered by the cyber claims
     endorsement and the definition of a privacy wrongful act.
¶8       On November 22, 2013, Doctors Direct filed a complaint for declaratory relief in the
     Cook County circuit court. Doctors Direct contended that the policy did not cover McAdoo
     for the claims raised in the federal lawsuit and, moreover, the federal complaint failed to
     allege a privacy wrongful act under the policy. Doctors Direct sought a declaration that it did
     not have to provide a defense to McAdoo in the federal lawsuit or indemnify McAdoo for
     any damages awarded.
¶9       On January 14, 2014, McAdoo filed a petition for bankruptcy in the United States
     Bankruptcy Court for the Northern District of Illinois. Ultimately, the bankruptcy court

                                                 -3-
       limited Bochenek’s recovery against McAdoo to the proceeds of Doctors Direct’s insurance
       policy.
¶ 10       On March 28, 2014, Bochenek filed his answer to Doctors Direct’s complaint, stating that
       his lawsuit constituted a privacy wrongful act under the cyber claims endorsement of the
       Doctors Direct policy.
¶ 11       On April 4, 2014, Doctors Direct filed a motion for judgment on the pleadings pursuant
       to section 2-615(e) of the Code (735 ILCS 5/2-615(e) (West 2012)). Doctors Direct
       contended that Bochenek’s claims under the Telephone Consumer Protection Act (47 U.S.C.
       § 227 (2012)) and Consumer Fraud Act (815 ILCS 505/1 et seq. (West 2012)) were not based
       on a privacy wrongful act because neither statute was applied or associated with the control
       and use of personally identifiable financial, credit, or medical information. Doctors Direct
       asserted that as a result, the court should enter a judgment declaring that Bochenek’s federal
       lawsuit was not covered under the policy.
¶ 12       In his response, Bochenek asserted that the Doctors Direct policy covered McAdoo for
       the federal lawsuit because the conduct complained of involved the control and use of
       personally identifiable financial, credit, and medical information. Bochenek asserted that the
       Doctors Direct policy was ambiguous as to whether the “ ‘breach or violation’ ” of the
       “ ‘U.S. federal, state or local statutes and regulations’ ” must be associated with the control
       and use of personally identifiable financial, credit, or medical information. Regardless,
       Bochenek stated that both the particular conduct at issue and the laws violated were
       associated with the control and use of personally identifiable financial, credit, or medical
       information, and that any ambiguity must be resolved in favor of coverage. Additionally,
       Bochenek asserted that discovery had revealed that McAdoo had acquired customer
       information, including names and cellular phone numbers, from the owner of a spa.
       Bochenek contended that “[b]eing identified as someone who might consume cosmetic
       surgery is as stigmatizing as being identified as part of a group that would participate in, for
       example, psychotherapy” and that McAdoo’s actions implicated privacy concerns. Bochenek
       further asserted that a list of people “believed to be prospects for medical procedures and
       their cell phone numbers” was “ ‘personally identifiable financial, credit or medical
       information.’ ”
¶ 13       In its reply, Doctors Direct asserted that Bochenek had construed the definition of a
       privacy wrongful act in a way that was at odds with plain, ordinary English. Additionally,
       Doctors Direct contended that neither the Telephone Consumer Protection Act nor the
       Consumer Fraud Act were concerned with the secrecy of personally identifiable financial,
       credit, or medical information. Doctors Direct also stated that the court could disregard
       Bochenek’s reference to information learned from discovery because discovery was
       irrelevant on a motion for judgment on the pleadings and even if it was relevant, Bochenek
       had not presented the supposed discovery responses to the court.
¶ 14       Subsequently, in June 2014, Bochenek filed a motion for leave to file a surreply, noting
       Doctors Direct’s claims that the court could not consider discovery in the federal case and
       that Bochenek’s federal complaint did not allege any violation or breach associated with the
       control and use of personally identifiable financial, credit, or medical information. Bochenek
       stated that he had filed a motion for leave to file an amended complaint in federal court, and
       that this amended complaint added allegations that McAdoo “obtained a list of personally


                                                  -4-
       identifiable financial, credit or medical information of customers of a spa without their
       consent and used that information to send spam text messages to them.”
¶ 15       On June 23, 2014, the court denied Bochenek’s motion for leave to file a surreply.
¶ 16       The record reflects that on June 30, 2014, Bochenek filed a notice of filing and a copy of
       a first amended federal complaint (amended complaint). The notice of filing is date-stamped
       by the Cook County clerk’s office. The amended complaint added an allegation that McAdoo
       “obtained a list of personally identifiable financial, credit or medical information of
       customers from a spa–including their names and telephone numbers–without the customers’
       consent and used that personally identifiable information to send advertising text messages to
       those customers believing they would be likely to purchase cosmetic surgery products.”
¶ 17       On September 15, 2014, the court issued a memorandum opinion and order that granted
       Doctors Direct’s motion for judgment on the pleadings. The court acknowledged that
       Bochenek had filed an amended complaint on June 30, 2014, but stated that “neither party
       asserts that the amendment in the Bochenek Lawsuit affects [Doctors Direct’s] Motion for
       Judgment on the Pleadings.” Construing the insurance policy, the court stated in its order that
       under a plain reading of the privacy wrongful act provision, the phrase “ ‘associated with the
       control and use of personally identifiable financial, credit, or medical information’ ” qualified
       the phrase immediately preceding it, “ ‘of U.S. federal, state or local statute or regulation.’ ”
¶ 18       The court’s order also addressed whether Doctors Direct had to cover Bochenek’s claim
       under the Telephone Consumer Protection Act and stated that the Telephone Consumer
       Protection Act was intended to protect consumers from certain forms of undesirable
       communication. The court found that nothing in the plain language of the statute indicated an
       intent to protect against the compilation of consumers’ names and phone numbers for use in
       telemarketing. The court stated that because “the statute does not regulate actions that may be
       taken to prepare for the placement of these automated phone calls,” the Telephone Consumer
       Protection Act was not “ ‘associated with the control and use of personally identifiable
       financial, credit, or medical information.’ ”
¶ 19       The court also found that even if it accepted Bochenek’s interpretation that the Telephone
       Consumer Protection Act was associated with the control and use of personally identifiable
       financial, credit, or medical information, Bochenek had nonetheless failed to establish “that
       the collection of names and telephone numbers implicates the control and use of personally
       identifiable financial, credit, or medical information.” Based on its review of federal
       regulations referenced by Bochenek, the court disagreed with Bochenek’s assertion that a list
       of prospective customers for cosmetic surgery services constituted personally identifiable
       financial information.
¶ 20       The court further stated in its order that the Doctors Direct policy did not cover violations
       of the Consumer Fraud Act. The court found there was nothing in the plain language of the
       Consumer Fraud Act to indicate that the statute intended to protect against the disclosure of
       personally identifiable financial, credit, or medical information. The court added that “[t]o
       the extent that the [Consumer Fraud Act] does prohibit the violation of other state statutes
       that are associated with the control and use of personally identifiable financial, credit, or
       medical information,” that provision was irrelevant because Bochenek’s federal lawsuit did
       not allege a violation of those other state statutes. The court found overall that Doctors Direct
       had no duty to defend or indemnify McAdoo and dismissed the matter in its entirety.


                                                   -5-
¶ 21        On appeal, Bochenek contends that his federal claim under the Telephone Consumer
       Protection Act alleged a privacy wrongful act under the Doctors Direct policy. According to
       Bochenek, the phrase “associated with” is expansive, and both the conduct at issue and the
       statutes and regulations prohibiting the conduct are necessarily associated with the control
       and use of personally identifiable financial, credit, or medical information. Bochenek also
       asserts that the policy language for a privacy wrongful act is ambiguous, and therefore should
       be construed against Doctors Direct. Additionally, Bochenek argues that the Doctors Direct
       policy does not require that a statute or regulation expressly state an intent to regulate the
       control and use of personally identifiable financial, credit, or medical information. Bochenek
       further contends that the Telephone Consumer Protection Act as a whole regulates
       telemarketing lists, and that the statute and its corresponding Federal Communications
       Commission (FCC) regulations regulate actions that may be taken to prepare for placing
       automated phone calls.
¶ 22        As noted above, this appeal concerns a motion for judgment on the pleadings. According
       to section 2-615(e) of the Code, “[a]ny party may seasonably move for judgment on the
       pleadings.” 735 ILCS 5/2-615(e) (West 2012). Judgment on the pleadings is proper “where
       the pleadings disclose no genuine issue of material fact and that the movant is entitled to
       judgment as a matter of law.” Gillen v. State Farm Mutual Automobile Insurance Co., 215
       Ill. 2d 381, 385 (2005). A motion for judgment on the pleadings tests the sufficiency of the
       pleadings by determining whether the plaintiff is entitled to the relief sought by its complaint,
       or in the alternative, whether the defendant by his answer has “set up a defense that would
       entitle him to a hearing on the merits.” Continental Casualty Co. v. Cuda, 306 Ill. App. 3d
       340, 346 (1999). A party who moves for judgment on the pleadings concedes the truth of the
       well-pled facts in the respondent’s pleadings. Parkway Bank & Trust Co. v. Meseljevic, 406
       Ill. App. 3d 435, 442 (2010). In ruling on a motion for judgment on the pleadings, the court
       considers only the facts apparent from the face of the pleadings, matters subject to judicial
       notice, and judicial admissions in the record. Gillen, 215 Ill. 2d at 385. “[I]f the pleadings put
       in issue one or more material facts, evidence must be taken to resolve such issues and
       judgment may not be entered on the pleadings.” (Internal quotation marks omitted.)
       Continental Casualty Co., 306 Ill. App. 3d at 347. On review, we determine whether any
       issues of material fact exist, and if not, whether the movant was entitled to judgment as a
       matter of law. Gillen, 215 Ill. 2d at 385. We review a circuit court’s order granting judgment
       on the pleadings de novo. Parkway Bank & Trust Co., 406 Ill. App. 3d at 442.
¶ 23        Our analysis below considers both Bochenek’s original and amended federal complaints.
       It is unclear from the record whether the circuit court considered the amended complaint in
       making its ruling, having stated in its order that “neither party asserts that the amendment in
       the Bochenek Lawsuit affects [Doctors Direct’s] Motion for Judgment on the Pleadings.”
       The record does not contain a report of proceedings for the date on which the court heard
       arguments on Doctors Direct’s motion for judgment on the pleadings. Further, the record
       does not indicate whether Bochenek’s original federal complaint or amended complaint was
       pending before the federal court. Given this uncertainty, we consider both complaints.
¶ 24        To determine whether the Doctors Direct policy covers the federal lawsuit, we must first
       construe the definition of a privacy wrongful act in the insurance policy. As noted above, the
       policy defines a privacy wrongful act as:



                                                   -6-
               “any breach or violation of U.S. federal, state or local statutes and regulations
               associated with the control and use of personally identifiable financial, credit or
               medical information, whether actual or alleged, but only if committed or allegedly
               committed by protected parties.”
¶ 25        The rules that apply to contract interpretation govern the interpretation of an insurance
       policy. Gaudina v. State Farm Mutual Automobile Insurance Co., 2014 IL App (1st) 131264,
       ¶ 17. When construing an insurance policy, our primary objective is to ascertain and give
       effect to the parties’ intent, as expressed in the policy language. Gillen, 215 Ill. 2d at 393.
       Further, we should give a natural and reasonable construction to an insurance policy. Id. “If
       the terms in the policy are clear and unambiguous, the court must give them their plain,
       ordinary, [and] popular meaning.” Outboard Marine Corp. v. Liberty Mutual Insurance Co.,
       154 Ill. 2d 90, 119 (1992). A term is ambiguous, and construed against the drafter of the
       policy, if it is subject to more than one reasonable interpretation within the context in which
       it appears. Id. To determine whether the insurer has a duty to defend, a court must compare
       the allegations in the underlying complaint to the policy language. General Agents Insurance
       Co. of America, Inc. v. Midwest Sporting Goods Co., 215 Ill. 2d 146, 154-55 (2005). If the
       underlying complaint alleges facts within or potentially within policy coverage, the insurer
       must defend the insured even if the allegations are groundless, false, or fraudulent. Id. at 155.
¶ 26        Turning to the definition of a privacy wrongful act, the parties’ disagreement concerns
       the definition of the phrase “associated with” and what that phrase modifies. Under our
       reading of the definition’s plain language, it is the U.S. federal, state, or local statute or
       regulation that must be associated with the control and use of personally identifiable
       financial, credit, or medical information. Though Bochenek questions its applicability, the
       parties note the last antecedent rule, in which a qualifying phrase is confined to the last
       antecedent unless there is something in the instrument that requires a different construction.
       Illini Federal Savings & Loan Ass’n v. Elsah Hills Corp., 112 Ill. App. 3d 356, 359 (1983).
       As here, “[w]here the text of the statute is clear and unambiguous, there is no need to resort
       to canons of statutory construction such as the last-antecedent rule.” (Internal quotation
       marks omitted.) Department of Transportation v. Singh, 393 Ill. App. 3d 458, 465 (2009).
       However, using the last antecedent rule here helps illustrate the proper construction of the
       definition of a privacy wrongful act. The phrase immediately preceding “associated with” is
       “U.S. federal, state or local statutes or regulations.” As such, “associated with” only applies
       to “U.S. federal, state or local statutes or regulations,” and not to “any breach or violation.”
       The last antecedent rule underscores that it is the statute or regulation that must be associated
       with personally identifiable financial, credit, or medical information.
¶ 27        Our next task is to define “associated with,” which will clarify the required relationship
       between “U.S. federal, state or local statutes and regulations” and “control and use of
       personally identifiable financial, credit or medical information.” Where a term in an
       insurance policy is not defined, we afford that term its plain, ordinary, and popular
       meaning–that is, we look to its dictionary definition. Gaudina, 2014 IL App (1st) 131264,
       ¶ 18. “Associate” is defined as “to join (things) together or connect (one thing) with another:
       COMBINE,” “to join or connect in any of various intangible or unspecified ways (as in
       general mental, legendary, or historical relationship, in unspecified causal relationship, or in
       unspecified professional or scholarly relationship),” and “to combine or join with another or



                                                   -7-
       others as component parts: UNITE.” Webster’s Third New International Dictionary 132
       (1993).
¶ 28       The Telephone Consumer Protection Act is not joined, combined, united, or connected
       with the control and use of personally identifiable financial, credit, or medical information.
       The Telephone Consumer Protection Act outlaws four practices: (1) making a call using an
       automated dialing system or artificial or prerecorded voice, without the prior express consent
       of the called party, to any emergency telephone line, guest or patient room of a hospital,
       health care facility, elderly home, or similar establishment, or to any telephone number
       assigned to a paging service, cellular telephone service, specialized mobile radio service,
       other radio common carrier service, or any service for which the called party is charged for
       the call; (2) initiating any telephone call to any residential telephone line using an artificial or
       prerecorded voice to deliver a message without prior express consent; (3) using a fax
       machine, computer, or other device to send unsolicited advertisements to a fax machine,
       subject to certain exceptions; (4) using an automatic telephone dialing system such that two
       or more telephone lines of a multi-line business are engaged at the same time. 47 U.S.C.
       § 227(b)(1)(A) to (D) (2012); Standard Mutual Insurance Co. v. Lay, 2013 IL 114617, ¶ 28.
       Of note, a “call” includes both voice calls and text messages. Scatterfield v. Simon &
       Schuster, Inc., 569 F.3d 946, 954-55 (9th Cir. 2009); Lozano v. Twentieth Century Fox Film
       Corp., 702 F. Supp. 2d 999, 1009 (N.D. Ill. 2010).
¶ 29       The plain language of the Telephone Consumer Protection Act illustrates that the statute
       only prohibits the actual making of certain kinds of calls. The statute does not address how a
       caller might control or use personally identifiable financial, credit, or medical information
       either before or after the call is made. Although other tools of statutory construction are
       unnecessary when the meaning of a statute is plain on its face (General Motors Corp. v.
       Pappas, 242 Ill. 2d 163, 180 (2011)), we note that Congress enacted the Telephone
       Consumer Protection Act to address telemarketing abuses related to the use of automated
       telephone calls to telephones, cellular telephones, and fax machines, and that the purposes of
       this statute are to “protect the privacy interests of residential telephone customers by
       restricting unsolicited automated telephone calls to the home, and facilitat[e] interstate
       commerce by restricting certain uses of fax machines and automatic dialers” (Standard
       Mutual Insurance Co., 2013 IL 114617, ¶ 27). Congress also found that unrestricted
       telemarketing could be an intrusive invasion of privacy and that automated or prerecorded
       telephone calls to private residences were regarded by recipients as an invasion of privacy.
       Mims v. Arrow Financial Services, LLC, 565 U.S. ___, ___, 132 S. Ct. 740, 745 (2012).
       Along with the plain language of the statute, these purposes illustrate that the Telephone
       Consumer Protection Act focuses on the calls themselves, and is not joined, combined,
       united, or connected to the control and use of personally identifiable financial, credit, or
       medical information to make the calls.
¶ 30       We are not persuaded by Bochenek’s contention that, based on provisions in the
       Telephone Consumer Protection Act and certain FCC regulations, the statute and regulations
       address the manner in which people are selected for marketing. Specifically, Bochenek points
       to three regulations: (1) no person or entity may initiate a telephone solicitation to someone
       who has put his telephone number on the national do-not-call list (47 C.F.R. § 64.1200(c)(2)
       (2012)); (2) no person or entity may call a residential subscriber for telemarketing purposes
       unless that person or entity has its own do-not-call list (47 C.F.R. § 64.1200(d) (2012)); and


                                                    -8-
       (3) no person or entity may use any technology to dial a telephone number to determine
       whether the line is a fax or voice line (47 C.F.R. § 64.1200(a)(8) (2012)). None of these
       regulations are connected with the control or use of personally identifiable financial, credit,
       or medical information. The first two regulations require telemarketers to ascribe to or
       maintain systems that allow people to stop receiving calls, and the third regulation prohibits
       another kind of call. These regulations, like the rest of the Telephone Consumer Protection
       Act, are focused on the act of making calls and are not connected to the use of personally
       identifiable financial, credit, or medical information in service of the calls.
¶ 31       As noted above, a court must compare the allegations in the underlying complaint to the
       policy language to determine whether the insurer has a duty to defend. General Agents
       Insurance Co. of America, 215 Ill. 2d at 154-55. Here, Bochenek’s complaints alleged a
       violation of the Telephone Consumer Protection Act, but because this statute is not
       associated with the control and use of personally identifiable financial, credit or medical
       information, the allegation is not covered by the Doctors Direct policy as a privacy wrongful
       act. As a result, the Doctors Direct policy does not cover this part of Bochenek’s claim.
¶ 32       Bochenek next contends that the Doctors Direct policy covers his claim under the
       Consumer Fraud Act (815 ILCS 505/1 et seq. (West 2012)). Bochenek argues that the
       Consumer Fraud Act prohibits conduct that violates public policy as established by other
       state and federal statutes, including the Telephone Consumer Protection Act. Bochenek
       contends that, accordingly, the same analysis applies to coverage under both the Telephone
       Consumer Protection Act and the Consumer Fraud Act. Bochenek also notes that the
       Consumer Fraud Act states that violating certain other state statutes is a violation of the
       Consumer Fraud Act, and the list of these statutes indicates that the General Assembly
       thought that protecting consumers against improper telemarketing was a matter of concern
       and was covered by the Consumer Fraud Act.
¶ 33       Similar to our analysis of Bochenek’s claim under the Telephone Consumer Protection
       Act, we must determine whether the Consumer Fraud Act is associated with the control and
       use of personally identifiable financial, credit, or medical information. Section 2 of the
       Consumer Fraud Act prohibits “[u]nfair methods of competition and unfair or deceptive acts
       or practices, including *** the use or employment of any deception, fraud, false pretense,
       false promise, misrepresentation or the concealment, suppression or omission of any material
       fact” with the intent that someone rely on that concealment, suppression, or omission. 815
       ILCS 505/2 (West 2012). In addition, section 2Z of the Consumer Fraud Act provides that a
       knowing violation of certain other statutes, including the Automatic Telephone Dialers Act
       (815 ILCS 305/1 et seq. (West 2012)), the Telephone Solicitations Act (815 ILCS 413/1 et
       seq. (West 2012)), the Electronic Mail Act (815 ILCS 511/1 et seq. (West 2012)), the
       Internet Caller Identification Act (815 ILCS 517/1 et seq. (West 2012)), and the Personal
       Information Protection Act (815 ILCS 530/1 et seq. (West 2012)), are also violations of the
       Consumer Fraud Act. 815 ILCS 505/2Z (West 2012).
¶ 34       Under the Consumer Fraud Act, a party may recover for unfair as well as deceptive
       conduct. Robinson v. Toyota Motor Credit Corp., 201 Ill. 2d 403, 417 (2002). In determining
       whether a course of conduct or act is unfair, the Consumer Fraud Act “mandates that
       consideration shall be given to the interpretations of the Federal Trade Commission and the
       federal courts relating to Section 5(a) of the Federal Trade Commission Act.” (Internal
       quotation marks omitted.) Id. (quoting 815 ILCS 505/2 (West 1992)). In Federal Trade

                                                  -9-
       Comm’n v. Sperry & Hutchinson Co., 405 U.S. 233, 244 n.5 (1972), the United States
       Supreme Court cited with approval the factors that the Federal Trade Commission considers
       in determining whether a practice is unfair: (1) whether it offends public policy “as it has
       been established by statutes, the common law, or otherwise–whether, in other words, it is
       within at least the penumbra of some common-law, statutory, or otherwise established
       concept of unfairness; (2) whether it is immoral, unethical, oppressive, or unscrupulous;
       [and] (3) whether it causes substantial injury to consumers.” (Internal quotation marks
       omitted.) See also Robinson, 201 Ill. 2d at 417-18. Not all three criteria need to be satisfied
       for a practice to be found unfair. Id. at 418.
¶ 35       We agree with the circuit court that nothing in the plain language of the Consumer Fraud
       Act itself suggests that the statute is associated with personally identifiable financial, credit,
       or medical information. Bochenek also relies on a number of federal cases to contend that the
       Telephone Consumer Protection Act is one of the statutes that establishes practices offensive
       to public policy, and therefore the Consumer Fraud Act and the Telephone Consumer
       Protection Act share a purpose. This assertion does not help Bochenek because, as discussed
       above, the Telephone Consumer Protection Act is not associated with the control and use of
       personally identifiable financial, credit, or medical information. Therefore, a claim under the
       Consumer Fraud Act that in turn relies on the Telephone Consumer Protection Act is not
       covered under the Doctors Direct policy.
¶ 36       Another potential source for answering the question of whether the Consumer Fraud Act
       is associated with the control and use of personally identifiable financial, credit, or medical
       information is Bochenek’s reference to the other state statutes listed in section 2Z of the
       Consumer Fraud Act (815 ILCS 505/2Z (West 2012)) that, if violated, are also violations of
       the Consumer Fraud Act. We find that four of the statutes Bochenek lists suffer from the
       same problem as the Telephone Consumer Protection Act–they focus on the act of calling or
       reaching someone, as opposed to the control or use of personally identifiable financial, credit,
       or medical information. See the Automatic Telephone Dialers Act (815 ILCS 305/15, 30
       (West 2012) (prohibiting the use of an autodialer to place a telephone call between 9 p.m.
       and 9 a.m. and to play a prerecorded message placed by an autodialer without the consent of
       the third party)); the Telephone Solicitations Act (815 ILCS 413/15 (West 2012) (prohibiting
       the solicitation of goods or services by placing a telephone call between 9 p.m. and 8 a.m.));
       the Electronic Mail Act (815 ILCS 511/10 (West 2012) (prohibiting the sending of
       unsolicited electronic mail advertisements that use a third party’s Internet domain name
       without permission, otherwise misrepresent information in identifying an advertisement’s
       origin or transmission path, or contain false or misleading information in the subject line));
       the Internet Caller Identification Act (815 ILCS 517/10 (West 2012) (prohibiting the use of
       any Internet caller identification equipment or Internet phone equipment to make a particular
       number or name appear on the recipient’s caller identification system)).
¶ 37       We separately consider a different statute mentioned in section 2Z and noted by
       Bochenek–the Personal Information Protection Act (815 ILCS 530/1 et seq. (West 2012)).
       This statute requires entities, including privately and publicly held corporations and retail
       operators, that for any purpose, handle, collect, disseminate, or otherwise deal with nonpublic
       personal information to take certain steps in the event of a breach of the security of system
       data. 815 ILCS 530/5, 10 (West 2012). The statute defines “personal information” as
       someone’s first name or first initial and last name in combination with any one or more of the


                                                   - 10 -
       following: (1) social security number; (2) driver’s license number or state identification card
       number; and (3) account number or debit card number, or an account number or credit card
       number in combination with any required security code, access code, or password that would
       permit access to an individual’s financial account. 815 ILCS 530/5 (West 2012).
¶ 38        Despite the definition of “personal information” above, and that a violation of the
       Personal Information Protection Act is a violation of the Consumer Fraud Act under section
       2Z (815 ILCS 505/2Z (West 2012)), the Consumer Fraud Act is not associated with
       personally identifiable financial, credit, or medical information in this case. Again comparing
       the allegations of the underlying complaint to the policy language (Outboard Marine Corp.,
       154 Ill. 2d at 125), Bochenek made no mention of the Personal Information Protection Act in
       either of his federal complaints. The federal complaints also do not mention the kind of
       information in the Personal Information Protection Act that could be personally identifiable
       financial or credit information under the Doctors Direct policy. As a result, he has not alleged
       a claim under the Consumer Fraud Act that would be covered under the Doctors Direct
       policy.
¶ 39        Lastly, Bochenek challenges the circuit court’s alternative holding that he failed to
       establish “that the collection of names and telephone numbers implicates the control and use
       of personally identifiable financial, credit, or medical information.” Bochenek argues that
       being placed on a list of prospects for cosmetic surgery services conveys medical information
       about the people on the list, as well as financial information, since the services are costly.
¶ 40        As a preliminary matter, Doctors Direct asserts that Bochenek waived the argument that a
       list of prospects could be personally identifiable medical information. We disagree. In his
       response to Doctors Direct’s motion for judgment on the pleadings, Bochenek stated that the
       text messages associated a list of consumers and cellular telephone numbers with a
       “perceived need and ability to pay for cosmetic surgery products.” Bochenek further asserted
       in his response that “[b]eing identified as someone who might consume cosmetic surgery is
       as stigmatizing as being identified as part of a group that would participate in, for example,
       psychotherapy.” Bochenek also stated that “[a] list of persons believed to be prospects for
       medical procedures and their cell phone numbers is ‘personally identifiable financial, credit,
       or medical information.’ ” Later in his response, Bochenek again stated that “[a] list of
       persons who have been identified as prospects for costly Botox injections or cosmetic
       surgery services is ‘personally identifiable financial, credit or medical information.’ ” We
       find that Bochenek’s references to cosmetic surgery and medical information in his response
       to Doctors Direct’s motion for judgment on the pleadings were sufficient to preserve the
       argument that the list was personally identifiable medical information.
¶ 41        Moving to the merits of the question of whether the list here was “personally identifiable
       financial, credit, or medical information,” we first consider the allegations contained in
       Bochenek’s original federal complaint. In support of his argument, Bochenek relies primarily
       on Trans Union Corp. v. Federal Trade Comm’n, 245 F.3d 809 (D.C. Cir. 2001). At issue in
       Trans Union was whether target marketing products, which consisted of lists of names and
       addresses of people who met specific criteria, such as possession of a car loan, a department
       store credit card, or two or more mortgages, were consumer reports. Id. at 812. “Consumer
       reports” were defined as:
               “[a]ny written, oral, or other communication of any information by a consumer
               reporting agency bearing on a consumer’s credit worthiness, credit standing, credit

                                                  - 11 -
                 capacity, character, general reputation, personal characteristics, or mode of living
                 which is used or expected to be used or collected in whole or in part for the purpose
                 of serving as a factor in establishing the consumer’s eligibility for–
                         (A) credit or insurance to be used primarily for personal, family, or
                     household purposes;
                         (B) employment purposes; or
                         (C) any other purpose authorized under section 1681b of [the Fair Credit
                     Reporting Act].” Id.
¶ 42        Bochenek contends that because the target marketing products in Trans Union were
       consumer reports (id. at 815), a list of people who have engaged in some past transaction that
       resulted in their being considered likely candidates for plastic surgery services meets the
       broader standard of “personally identifiable financial, credit, or medical information.” We
       fail to see the analogy here. Trans Union dealt with an entirely different kind of list than the
       one at issue here and, moreover, was entirely irrelevant to the topic of personally identifiable
       medical information. Bochenek also cites to Trans Union’s statement that “[a]lthough target
       marketing lists contain only names and addresses, purchasers know that every person on a
       list has the characteristics they requested because Trans Union uses those characteristics as
       criteria for culling individual files from its database.” Id. at 812. Here, however, there was no
       information in the original federal complaint about how the telephone numbers were
       compiled–only that McAdoo sent unsolicited text messages about cosmetic surgery products.
       Bochenek further states that the fact that a medical practitioner compiles a list of people who
       meet certain criteria identified by the practitioner to make them likely prospects for treatment
       makes the list contain personally identifiable medical information. However, this definition
       of personally identifiable medical information is too broad and could turn any list of names
       and phone numbers into personally identifiable medical information as long as a doctor had
       the list.
¶ 43        We next address whether the additional allegation in Bochenek’s amended complaint that
       the fact that the list came from a spa made it personally identifiable medical information.1
       As noted above, Bochenek’s amended complaint added the allegation that McAdoo
       “obtained a list of personally identifiable financial, credit or medical information of
       customers from a spa–including their names and telephone numbers–without the customers’
       consent and used that personally identifiable information to send advertising text messages to
       those customers believing they would be likely to purchase cosmetic surgery products.” We
       find that the additional allegation does not change our analysis. Bochenek has failed to
       provide any support for the notion that the spa was a medical provider or released medical
       information about its customers to McAdoo. The amended complaint states that the
       information from the spa “[included] *** names and telephone numbers,” but does not
       elaborate further. As a result, Bochenek’s argument still hinges on the notion that McAdoo’s
       status as a doctor makes the list personally identifiable medical information, which as stated
       above, is insufficient. Regardless of whether we consider the original or amended complaint,

           1
            Interestingly, in a motion before this court, Bochenek stated that his “contention that the list
       contains medical information has consistently been rooted in the fact that the list was created by a
       surgeon to sell a medical service. The fact that the list was obtained from a spa served merely to
       establish the background of the claim and was irrelevant to the medical nature of the list.”

                                                    - 12 -
       Bochenek has failed to show that the list here was personally identifiable medical
       information.
¶ 44        In further support of his contention that the list here was personally identifiable financial
       or credit information, Bochenek relies on several FCC regulations, including section
       313.3(o)(1) of Title 16 (16 C.F.R. § 313.3(o)(1) (2012)), which defines “[p]ersonally
       identifiable financial information” as (1) information that a consumer provides to obtain a
       financial product or service, (2) information about a consumer resulting from any transaction
       involving a financial product or service, or (3) information otherwise obtained about a
       consumer in connection with providing a financial product or service to the consumer.
       “Personally identifiable financial information” includes the fact that someone has been a
       customer or has obtained a financial product or service. 16 C.F.R. § 313.3(o)(2)(i)(C) (2012).
       The problem here is that these regulations do not apply to the entities that Bochenek claims
       were involved in sending the text messages. The cited regulations apply to “financial
       institutions” and “other persons” over whom the Federal Trade Commission has enforcement
       authority pursuant to section 505(a)(7) of the Gramm-Leach-Bliley Act (16 C.F.R. § 313.1(b)
       (2012)), which Bochenek does not claim covers any entity involved here. Further, a
       “financial institution” is a business that engages in financial activity as described in section
       4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. § 1843(k) (2012)). 16 C.F.R.
       § 313.1(b) (2012). Subsection (k)(4) of the Bank Holding Company Act lists several
       financial activities, including lending money or securities, insuring against loss, issuing or
       selling instruments, and dealing in securities. 12 U.S.C. § 1843(k)(4) (2012). There is no
       evidence that McAdoo or any other entity involved in the text messages engaged in the listed
       financial activities and were therefore financial institutions. As a result, Bochenek’s cited
       regulations do not apply here and Bochenek has failed to show that the list of prospective
       customers for cosmetic surgery services was personally identifiable financial or credit
       information.
¶ 45        Overall, because the allegations in Bochenek’s federal complaints do not even potentially
       fall within the coverage of the Doctors Direct policy, Doctors Direct does not have a duty to
       defend or indemnify McAdoo in the federal lawsuit. See Crum & Forster Managers Corp. v.
       Resolution Trust Corp., 156 Ill. 2d 384, 398 (1993) (duty to defend is broader than duty to
       indemnify). Accordingly, the circuit court properly granted Doctors Direct’s motion for
       judgment on the pleadings.
¶ 46        For the foregoing reasons, the judgment of the circuit court is affirmed.

¶ 47      Affirmed.




                                                   - 13 -
