AI is unavoidable these days. In this episode of Hiring to Firing, hosts Tracey Diamond and Emily Schifter delve into what employers need to know about it, joined by their Troutman Pepper Locke partner, Brett Mason, who hosts The Good Bot podcast focusing on the intersection of AI, health care, and the law. They discuss the transformative potential and inherent risks of AI in the workplace, along with some lessons from the movie I, Robot, including how employers (and their employees) are using AI, as well as the potential legal risks associated with it, including discrimination, attorney-client privilege, and data privacy considerations. Tune in to learn about the latest developments in AI, the importance of understanding AI systems, and how to mitigate risks associated with their use in employment settings.

This summer, the U.S. District Court for the Southern District of Illinois further bolstered Illinois’ Biometric Information Privacy Act’s (BIPA) nearly unfettered private right of action in Lewis v. Maverick Transportation. In a simple but firm four-page ruling, Judge Rosenstengel denied the defendant’s motion to dismiss, holding that a cause of action under BIPA does not require a plaintiff to plead that data collected is used for identification purposes. The ruling serves to highlight the apparent lack of any real technical defenses to the statute — making it imperative that companies focus on strict compliance before they find themselves in court.

Q: Does a BIPA claim accrue each time a person’s biometrics are scanned or only with the first such scan?

A: A BIPA claim accrues with each scan.

On February 17, the Illinois Supreme Court issued its long-awaited decision in Cothron v. White Castle, holding that a claim under Illinois’ Biometric Information Privacy Act (BIPA) is triggered upon each biometric scan, rather than just the first. The court’s 4-3 decision significantly expands the exposure BIPA defendants face.

Q: What states have biometric laws and what does this mean for my company?

A. Introduction: Biometric Laws in 2022

In the first quarter of 2022 alone, no fewer than seven states have introduced biometric laws — California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York — generally based on Illinois’ Biometric Information Privacy Act (BIPA). Currently, only Illinois, Texas, and Washington have enacted biometric laws, and only the Illinois law provides individuals with a private right of action. While California’s Consumer Privacy Act (CCPA) covers the protection of biometric data, the act only provides a private right of action where the information was involved in an unauthorized exposure as a result of the business’ failure to implement and maintain reasonable security procedures and the business’ failure to take certain steps after receiving a consumer request.

Q. My company uses dash-cams to monitor driver conduct, but the company is not located in Illinois. Do I still have to comply with the Biometric Information Privacy Act?

A. Yes, as long as the company has drivers who are Illinois residents, you must comply with BIPA. The good news, however, is that as long as your company fully complies with the statute, it can continue to use telematics.

Q.  What are my company’s obligations under the California Consumer Privacy Act?

A. The California Consumer Privacy Act (CCPA) will take effect on January 1, 2020. On or before that date, businesses that employ California residents, retain California residents as independent contractors, or receive job applications from California residents must

Q.  Can my Company institute a timekeeping system that uses fingerprints to track time?

A. Employers increasingly maintain timekeeping systems that require employees to clock in and out of work using their fingerprints to reduce the risk of coworkers clocking in for each other (so-called “buddy punching”) and to increase