Another BIPA Violation Alleged in Illinois

Biometric technology, such as fingerprint scans and facial recognition, is becoming more common as a way for users to access bank accounts or post on social media sites. Similarly, it is also being used in many industries to replace timecards for employees who clock in and out at their workplace. In response to the increased use of biometric information, the Illinois legislature passed BIPA in 2008. The Act recognizes that, unlike other identifiers that can easily be changed when compromised, biometrics are “unique to that individual; therefore, once compromised, the individual has no recourse.” 740 ILCS 14/5(c). In light of this concern, the statute seeks to regulate how biometric information is collected, stored, and used. Id.

In January 2019, the Illinois Supreme Court held that an individual alleging a BIPA violation does not need to prove actual harm to recover; rather, a technical violation of the Act alone is enough to constitute standing. Stacy Rosenbach v. Six Flags Entertainment Corporation, Case No. 2019 IL 123196 (Ill. 2019). When coming to its decision, the court found persuasive the General Assembly’s intent when creating the Act, recognizing “the difficulty in providing meaningful recourse once a person’s biometric identifiers or information has been compromised.” Id. at ¶ 35. Essentially, once a BIPA violation occurs, an individual’s injury is already “real and significant” because “the right of the individual to maintain [his or] her biometric privacy vanishes into thin air.” Id. at ¶ 34.

An increased number of lawsuits have been filed since the Rosenbach court decided plaintiffs can recover for technical violations alone under BIPA. In his suit, Lydon alleges Fillmore never provided its employees with the legally necessary disclosures to obtain written consent in order to collect and share biometric information, as required by BIPA. In fact, the suit alleges that “[t]o this day, plaintiff is unaware of the status of his biometrics obtained by defendant . . . Defendants have not informed plaintiff whether they still retain his biometrics, and if they do, for how long they intend to retain such information without his consent.” Lydon, 2019-CH-05679. Lydon’s suit seeks damages and injunctive relief requiring Fillmore to distribute the BIPA-mandated informational material.

The scope of BIPA and how far it will be used to protect individuals’ biometric information in Illinois has not yet been clearly established. To ensure companies are not caught up in a lawsuit of their own, they must be cognizant of the current law, the courts’ interpretations of the law, and provide their employees with written policies satisfying the BIPA requirements.

Photo: iStock.com/undefined undefined

Featured News

Key Updates for USEF Rules Effective April 1, 2025, Published in Elite Equestrian

CRE Challenges Demand New Lease And Development Plans, Published in Law360

Going to the Dogs: New York Court of Appeals Opens Door to Animal Negligence Claims

Segal McCambridge Successfully Defends Porsche in Connecticut Warranty Dispute

Third DCA Reaffirms the Longstanding Playbook on Contract Damages

The Key Role of Certificates of Merit in Defending Professional Liability Claims against Architects and Engineers