Many businesses operating in the state of Illinois have come to the hard realization that a once little-noticed law enacted by the state legislature in 2008 is now generating class action lawsuits that are costing employers millions of dollars in damages for mere technical violations, with no let up in sight.
Illinois’ 2008 Biometric Information Privacy Act (BIPA) requires that if an employer uses an employee’s biometric information (e.g., using a fingerprint scan to record time), the employer must obtain a written release from the employee as a condition of employment and must create a policy about retention/destruction of the collected data. And while a few other states, including New York, Texas, and Washington, also have restrictions on the collection of certain biometric information, these states do not provide individuals with a private right of action. New York City’s new biometric privacy law, which went into effect on July 9, 2021, does contain a private right of action, but only applies to customers at places of entertainment, retail stores, and food/drink establishments.
Members of the Center for Workplace Compliance (CWC) can read more here.