In the past few months, dozens of class action lawsuits have been filed against companies operating in Illinois for alleged violations of the state’s Biometrics Information Privacy Act (BIPA), which requires covered businesses to provide certain notifications and obtain written consent before capturing an individual’s biometric data.
Biometrics are a way of identifying an individual by using biological characteristics such as fingerprints, eye scans, face scans, or voice scans. As businesses continue to increase their use of biometrics, these practices are coming under increasing scrutiny by critics who claim that they are subject to potential abuses that violate an individual’s personal privacy.
Although the Illinois law was enacted in 2008, class action lawyers have recently discovered that it provides fertile grounds for lawsuits, among other things allowing for a private right of action with set statutory damages of between $1,000 and $5,000 per violation. Practices that are being challenged in these suits include employers’ use of fingerprint-operated time clocks, alleging that employers are collecting and storing employees’ fingerprints without satisfying BIPA’s notice, disclosure, and consent requirements.
And although we are aware of only three states with laws that regulate the collection and storage of biometrics – Illinois, Texas, and Washington – as well as a New York law that protects employees from fingerprinting, it is only recently that the issue has drawn national attention as the result of the class action lawsuits being filed under the Illinois law. Accordingly, employers are well advised to take notice.
Members of the Center for Workplace Compliance (CWC) can read more here.