Biometric Information Privacy Act (BIPA)

More businesses are gathering what may be considered biometric information—including optical scans, facial recognition, fingerprints, and voiceprints—while legislators and regulatory agencies race to keep up. Do you understand the laws and regulations that apply to your business?

Our approach

Nixon Peabody’s Cybersecurity and Privacy attorneys track updates to the laws governing biometric information, following its evolution from a high-tech curiosity to an integral part of daily operations. We counsel companies as they update and optimize their policies to ensure compliance and reduce litigation risks.

Several states and cities have passed laws addressing biometric technologies, and similar legislation has been proposed across the country. Illinois’ Biometric Information Privacy Act (BIPA) is one of the first major examples. BIPA establishes standards for how companies collect, store, use, and share Illinois consumers’ biometric information. With fines up to $5,000 and a private right of action per infraction, potential BIPA violations are a critical concern for companies handling biometric information.


We have defended numerous clients in putative class actions alleging violations of the disclosure and consent requirements of BIPA, and have successfully resolved BIPA cases pre-suit. We can help you minimize exposure in costly BIPA litigation.


Proactive compliance with biometric laws and regulations can save you time, money, and stress. Our team tracks regulatory developments at all levels, so we can advise you with respect to regulatory risks related to biometric technologies and data, and update your policies to ensure compliance.

Who we work with

Businesses operating in regulated industries that deliver products or services, including:

  • Companies offering or using biometric technology
  • Hardware and software providers
  • Health and life sciences companies
  • Manufacturing companies
  • Retailers and franchisors
  • Seniors and assisted living facilities

Additional consumer privacy law experience

We have experience with complex consumer privacy, data protection, and security laws impacting businesses nationwide, including, among others:

  • Telephone Consumer Protection Act (TCPA)
  • Illinois Biometric Privacy Act (BIPA)
  • California Consumer Privacy Act (CCPA)
  • EU General Data Protection Regulation (GDPR)
  • Computer Fraud and Abuse Act (CFAA)
  • Federal Trade Commission Act (FTC Act)
  • Fair Credit Reporting Act (FCRA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Fair Debt Collection Practices Act (FDCPA)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  • Children’s Online Privacy Protection Rule (COPPA)
  • Video Privacy Protection Act (VPPA)
  • Credit Card Accountability Responsibility and Disclosure Act (Credit CARD Act)
  • Driver’s Privacy Protection Act (DPPA)
  • Freedom of Information Act (FOIA)
  • Federal Trade Commission (FTC) and Federal Communications Commission (FCC) regulations
  • State consumer protection laws in all 50 states, the District of Columbia, and Puerto Rico

Illinois Workers’ Comp Law Doesn’t Pre-Empt Biometric Privacy Claim

HR Magzine | September 28, 2020

Chicago Complex Commercial Disputes partners Rich Tilghman and John Ruskusky, and associate Henry Caldwell contributed this article, based on their recent blog post, on the rise in putative class actions in Illinois by employees against entities that employ biometric technology.

Biggest Illinois Decisions So Far in 2020: Midyear Report

Law360 | July 16, 2020

This article includes commentary from Chicago Complex Commercial Disputes partners John Ruskusky and Seth Horvath on some of the most noteworthy Illinois decisions thus far in 2020. John discusses a decision related to the Illinois Biometric Information Privacy Act, while Seth comments on a decision regarding parents suing paint makers for children’s lead test costs, as well as a ruling on a record destruction provision in the Chicago police union contract.

What’s Next: Why Facebook’s $550M biometrics settlement isn’t a huge deal

The American Lawyer | February 05, 2020

This article features Chicago Complex Commercial Disputes partners John Ruskusky and Richard Tilghman analyzing Facebook’s recent $550 million settlement in a class action suit alleging violations of Illinois’ Biometric Information Privacy Act.

Keep up with laws developing to protect our consumer data

Rochester Business Journal | November 15, 2019

In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.

Ruling against Facebook could propel additional biometric lawsuits

Business Insurance Magazine | August 20, 2019

In this article, Chicago Complex Commercial Disputes partner Rich Tilghman discusses the impact of a recent Ninth Circuit ruling recognizing the plaintiffs’ standing in a class action suit accusing Facebook of violating Illinois’ biometric law through its use of facial recognition technology.

Back to top