This summer, the U.S. District Court for the Southern District of Illinois further bolstered Illinois’ Biometric Information Privacy Act’s (BIPA) nearly unfettered private right of action in Lewis v. Maverick Transportation. In a simple but firm four-page ruling, Judge Rosenstengel denied the defendant’s motion to dismiss, holding that a cause of action under BIPA does not require a plaintiff to plead that data collected is used for identification purposes. The ruling serves to highlight the apparent lack of any real technical defenses to the statute — making it imperative that companies focus on strict compliance before they find themselves in court.Continue Reading Illinois Court Eliminates Another BIPA Defense

Q: Does a BIPA claim accrue each time a person’s biometrics are scanned or only with the first such scan?

A: A BIPA claim accrues with each scan.

On February 17, the Illinois Supreme Court issued its long-awaited decision in Cothron v. White Castle, holding that a claim under Illinois’ Biometric Information Privacy Act (BIPA) is triggered upon each biometric scan, rather than just the first. The court’s 4-3 decision significantly expands the exposure BIPA defendants face.Continue Reading Illinois Supreme Court Rules BIPA Claims Accrue With Each Scan

Q: What states have biometric laws and what does this mean for my company?

A. Introduction: Biometric Laws in 2022

In the first quarter of 2022 alone, no fewer than seven states have introduced biometric laws — California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York — generally based on Illinois’ Biometric Information Privacy Act (BIPA). Currently, only Illinois, Texas, and Washington have enacted biometric laws, and only the Illinois law provides individuals with a private right of action. While California’s Consumer Privacy Act (CCPA) covers the protection of biometric data, the act only provides a private right of action where the information was involved in an unauthorized exposure as a result of the business’ failure to implement and maintain reasonable security procedures and the business’ failure to take certain steps after receiving a consumer request.Continue Reading A Fresh “Face” of Privacy: 2022 Biometric Laws

Q. Does the Workers’ Compensation Act bar a claim for damages under Illinois’ Biometric Privacy Act (BIPA)?

A. The Illinois Supreme Court recently issued an opinion, finding that the Workers’ Compensation Act does not bar a claim for damages under BIPA.Continue Reading Illinois Supreme Court Rules on Workers’ Compensation Act and BIPA

Q. My company uses dash-cams to monitor driver conduct, but the company is not located in Illinois. Do I still have to comply with the Biometric Information Privacy Act?

A. Yes, as long as the company has drivers who are Illinois residents, you must comply with BIPA. The good news, however, is that as long as your company fully complies with the statute, it can continue to use telematics.Continue Reading Drivers’ Telematics Violates BIPA

Q.  What are my company’s obligations under the California Consumer Privacy Act?

A. The California Consumer Privacy Act (CCPA) will take effect on January 1, 2020. On or before that date, businesses that employ California residents, retain California residents as independent contractors, or receive job applications from California residents must provide those individuals with notices

Q.  Can my Company institute a timekeeping system that uses fingerprints to track time?

A. Employers increasingly maintain timekeeping systems that require employees to clock in and out of work using their fingerprints to reduce the risk of coworkers clocking in for each other (so-called “buddy punching”) and to increase the accuracy of time reporting.