Photo of Molly DiRago

Molly litigates complex commercial matters, focusing on biometrics and privacy, class actions, partnership and shareholder disputes, and consumer fraud. Molly takes a results-oriented approach and finds creative solutions for her clients, whether through litigation or extrajudicial procedures.

This summer, the U.S. District Court for the Southern District of Illinois further bolstered Illinois’ Biometric Information Privacy Act’s (BIPA) nearly unfettered private right of action in Lewis v. Maverick Transportation. In a simple but firm four-page ruling, Judge Rosenstengel denied the defendant’s motion to dismiss, holding that a cause of action under BIPA does not require a plaintiff to plead that data collected is used for identification purposes. The ruling serves to highlight the apparent lack of any real technical defenses to the statute — making it imperative that companies focus on strict compliance before they find themselves in court.

On March 1, New York City’s “revival window” opens for survivors of gender-motivated violence. The revival window, also referred to as a “lookback period,” runs until March 1, 2025, providing survivors with two years to bring civil claims against “a party who commits, directs, enables, participates in, or conspires in the commission of a crime of violence motivated by gender,”[1] including previously time-barred claims.

Q: Does a BIPA claim accrue each time a person’s biometrics are scanned or only with the first such scan?

A: A BIPA claim accrues with each scan.

On February 17, the Illinois Supreme Court issued its long-awaited decision in Cothron v. White Castle, holding that a claim under Illinois’ Biometric Information Privacy Act (BIPA) is triggered upon each biometric scan, rather than just the first. The court’s 4-3 decision significantly expands the exposure BIPA defendants face.

On November 24, New York’s Adult Survivors Act “revival window” is set to open for adult victims of sexual abuse. Revival windows, also called “lookback periods,” provide a limited period, usually at least one year, for sexual abuse victims to file otherwise time-barred civil claims. New York previously opened a revival window for minor victims of sexual abuse under its 2019 Child Victim’s Act, which closed in August 2021.

Q: What is New York’s Adult Survivors Act?

On May 24, New York State enacted the Adult Survivors Act, which provides a one-year “revival window,” commencing on November 24, 2022, for adult victims of sexual abuse. Enactment of such “revival statutes” (a/k/a revival window or lookback period statutes) is the latest trend for #MeToo era legislatures grappling with shifting societal views of limitations periods for sexual abuse claims. Although the parameters of revival statutes can differ, essentially, they provide a limited period, usually at least one year, for sexual abuse victims to file civil claims that would otherwise be time-barred. Often these statutes also include prospective enlargements of civil and criminal limitations periods or otherwise expand the scope of potential liability going forward. In recent years, nearly half of U.S. state legislatures have passed laws opening revival windows for sexual abuse cases.

Q: What states have biometric laws and what does this mean for my company?

A. Introduction: Biometric Laws in 2022

In the first quarter of 2022 alone, no fewer than seven states have introduced biometric laws — California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York — generally based on Illinois’ Biometric Information Privacy Act (BIPA). Currently, only Illinois, Texas, and Washington have enacted biometric laws, and only the Illinois law provides individuals with a private right of action. While California’s Consumer Privacy Act (CCPA) covers the protection of biometric data, the act only provides a private right of action where the information was involved in an unauthorized exposure as a result of the business’ failure to implement and maintain reasonable security procedures and the business’ failure to take certain steps after receiving a consumer request.

Q. My company uses dash-cams to monitor driver conduct, but the company is not located in Illinois. Do I still have to comply with the Biometric Information Privacy Act?

A. Yes, as long as the company has drivers who are Illinois residents, you must comply with BIPA. The good news, however, is that as long as your company fully complies with the statute, it can continue to use telematics.