Companies across the country use biometric data like fingerprint scans for daily operations. But federal regulations have not provided clear guidance related to this technology. As the use of biometric data becomes increasingly popular, more states have begun passing legislation to address these issues.
Illinois was one of the first states to enact such a law with the Biometric Information Privacy Act (BIPA). BIPA allows a private right of action with statutory fines of up to $1,000 (for each negligent violation) and $5,000 (for each reckless or intentional violation), plus attorneys’ fees. Plaintiffs have filed more than 300 proposed class action lawsuits asserting BIPA claims since 2017. While the vast majority of these cases allege that employers used employee fingerprints for timekeeping purposes without appropriate disclosures and consent, other filed claims involve different uses of biometric information, including eye scans, face scans, hand scans, and voice recordings.
In 2019, the Illinois Supreme Court ruled in Rosenbach v. Six Flags Entertainment Corp. that BIPA claimants do not need to allege actual harm to receive statutory damages.This decision emboldened existing plaintiffs and led to even more BIPA lawsuits. BIPA can affect any company doing business in Illinois that collects, stores or uses biometric information, whether that of its employees, customers, guests or visitors.
We assist companies with employees and operations in Illinois, as well as entities outside Illinois that work with organizations in the state. Our attorneys have tracked BIPA updates over the years and can help clients update their policies to ensure compliance with the statute and reduce risks of BIPA litigation.
If a lawsuit looms or ensues, we work with clients to aggressively and practically handle the matter. We are currently defending several clients in putative class actions alleging violations of the disclosure and consent requirements of BIPA and have successfully resolved BIPA cases pre-suit. We understand this law and can help you minimize exposure in costly BIPA litigation.
Businesses operating in regulated industries that deliver products or services, including:
We have experience with complex consumer privacy, data protection and security laws impacting businesses nationwide, including, among others:
The American Lawyer | February 05, 2020
This article features Chicago Complex Commercial Disputes partners John Ruskusky and Richard Tilghman analyzing Facebook’s recent $550 million settlement in a class action suit alleging violations of Illinois’ Biometric Information Privacy Act.
Rochester Business Journal | November 15, 2019
In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.
Business Insurance Magazine | August 20, 2019
In this article, Chicago Complex Commercial Disputes partner Rich Tilghman discusses the impact of a recent Ninth Circuit ruling recognizing the plaintiffs’ standing in a class action suit accusing Facebook of violating Illinois’ biometric law through its use of facial recognition technology.
Rochester Business Journal | January 25, 2019
Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.
Los Angeles/San Francisco Daily Journal | January 23, 2019
Los Angeles Government Investigations and White Collar Defense partner Jason Gonzalez and associate Karina Puttieva co-wrote this contributed article identifying issues with the “remarkably unclear” California Consumer Privacy Act, a measure passed last year that regulates large businesses businesses who buy, sell or share consumers’ personal information.
Data Privacy | 03.26.20
Data Privacy | 03.18.20
Privacy Alert | 01.30.20
Food, Beverage & Agribusiness Alert | 01.02.20
NP Privacy Partner | 11.22.19
NP Privacy Partner | 10.18.19
Commercial Litigation Alert | 08.12.19
06.06.19 | Chicago, IL