Articles & Publications 08.31.23

Employee Biometric Data Case Shows Possible Risks and Exposures, Published in Bloomberg Law

In an article published on 8/31 in Bloomberg Law, Segal McCambridge Shareholder Joseph Kish and Senior Associate Erica Bury discuss the financial ramifications companies face if they improperly retain biometric information, especially under Illinois’ Biometric Information Privacy Act (BIPA). While the Northern District of Illinois recently vacated a $228 million damages award in Rogers v. BNSF Railway, Co., a new jury trial ordered in the case might reach a similarly expensive conclusion. The original case was brought by truck drivers who claimed BNSF required them to illegally scan their fingerprints to access a job site.

“To avoid the potential for significant damages, all affected entities should note their obligations under BIPA and implement a proactive plan to minimize the risk of violations and the potential for large damages claims,” write Kish and Bury. “If an affected entity possesses relevant information, it should develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric data.”

The authors advise assessing whether an entity possesses biometric data and, if so, developing a written policy about when this data will be destroyed—and making this policy public. The entity must also provide written notice to individuals whose biometric data it has collected or stored.

“To further prevent violations and statutory damages, entities need to store, transmit, and protect from disclosure the biometric data using the reasonable standard of care within the entity’s industry, and do so in a manner similar to how they handle other confidential and sensitive information,” Kish and Bury write. “These steps will go a long way to avoid liability under BIPA and minimize potential damages.”

Read the story in full; click here.