Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Alerts
    4. Illinois Appellate Court rules that BIPA claims accrue at each collection of biometric informationAlerts

    Alert / Cybersecurity & Privacy Alert

    Illinois Appellate Court rules that BIPA claims accrue at each collection of biometric information

    Dec 17, 2021

    Share

    By Richard Tilghman IV, John Ruskusky and Laura Bacon

    The latest ruling addresses an important issue on the accrual of claims for statute of limitations purposes and should serve as a reminder for companies to review their policies and procedures regarding collection of biometric data.

    What’s the Impact?

    • The extent of monetary liability in BIPA cases remains uncertain—while the interpretation of when claims accrue may appear favorable to plaintiffs, the court’s analysis indicates that monetary relief is discretionary and not mandatory
    • Companies should review their policies and procedures in light of the court’s commentary that violations can occur not only on the first collection of biometric information but on all future collections

    On December 15, 2021, the Illinois Appellate Court issued a decision of significant importance to the many cases filed under the strictest biometric privacy law in the United States, Illinois’s Biometric Information Privacy Act (BIPA). In Watson v. Legacy Healthcare Financial Services, LLC,[1] the plaintiff, a nursing assistant employed by multiple affiliated skilled nursing facilities, first used an alleged biometric scanner to clock in and out of work in 2012, more than five years before filing his complaint under BIPA. He alleged that the defendants collected his biometric information without complying with BIPA’s requirements to provide notice and obtain informed written consent and without having a publicly available policy governing the retention and destruction of biometric data. Relying on BIPA’s provision that an entity may not collect biometric information “without first” providing notice and obtaining consent, the trial court determined that plaintiff’s claims accrued when his information was first collected in 2012 and dismissed plaintiff’s claim under a five-year statute of limitations period.

    The plaintiff appealed to the Illinois Appellate Court. After walking through the applicable tenets of statutory construction, including applying dictionary definitions to some of BIPA’s operative terms, the court held that BIPA claims accrue anew at each collection of biometric information, not merely upon the first collection. The court reasoned that “the plain language of the statute establishes that it applies to each and every capture and use of plaintiff’s fingerprint or hand scan.”

    In so holding, the court refused to address the defendants’ argument that an accrual rule based on each collection would result in multiple violations per plaintiff and ruinous liability based on BIPA’s provision that allows statutory damages of $1,000 or $5,000 for “each violation.” Still, the court was clear that it was only deciding whether the complaint survived a motion to dismiss, not any questions regarding whether each instance involved a new “collection” or BIPA’s damages provisions. Nonetheless, in rejecting the defendants’ argument that all of the requirements for the suit were satisfied at the first collection of biometric information, such that the plaintiff’s BIPA claim accrued at that time, the court noted that the defendants’ argument “overlooks all the ensuing times defendants violated the statute by” collecting and using plaintiff’s biometric information, thereby suggesting that each collection constituted a separate violation.

    While the plaintiff’s bar will likely cite this language as support for the notion that each collection of biometric information creates a separate claim for damages, the court included in a footnote an important point about BIPA’s statutory damages that has received little attention in current BIPA case decisions, which is that a prevailing BIPA plaintiff “may recover” monetary relief for each violation. Invoking this language, the court noted: “Although we do not address the issue of damages for the reasons already explained above, we observe that damages are discretionary, not mandatory. The Act introduces a list of possible damages with the statement that this list constitutes what a ‘prevailing party may recover.’” (emphasis in original). Thus, the defense bar will cite this language in support of the position that, no matter the number of alleged violations, the monetary liability imposed by BIPA is optional, not mandatory, and within the discretion of the court. This footnote adds even more uncertainty to the fate of BIPA cases moving forward and may further push existing BIPA litigants—plaintiffs and defendants alike—to settle their claims in the face of this additional uncertainty.

    Based on the language in Watson indicating that BIPA compliance is required at each collection, this decision also warrants a further review by companies that may collect or receive biometric information to ensure that their policies and procedures are fully compliant with BIPA.


    1. Watson v. Legacy Healthcare Financial Services, LLC, 2021 IL App (1st) 210279.
      [Back to reference]
    Cybersecurity

    Locations

    Chicago

    Practices

    Cybersecurity & PrivacyBiometric Information Privacy Act (BIPA)

    Insights And Happenings

    • Alert

      36 hours: What banks should know about the upcoming compliance deadline for reporting computer security incidents

      Feb 16, 2022
    • Alert

      FBI issues stark warning to hospitals regarding ransomware attacks

      Feb 14, 2022
    • Press Release

      Nixon Peabody selects John Ruskusky as leader of the firm’s Complex Disputes practice

      Feb 7, 2022

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL