Corporations have a legal duty to properly collect and safeguard personal data. When they don’t, we’re here to help.
In today’s fast-paced world, valuable personal information is being collected by the second. And new ways to acquire this information is being developed all the time. Whether it’s credit card information, social security numbers, fingerprint scans, facial recognition, or something else, the vast majority of Americans have some personal data stored in cyberspace.
Personal information becomes vulnerable when corporations fail to safeguard it, and data breaches occur.
There are laws in place to protect personal information and recourse when not collected and stored properly.
The Illinois Biometric Information Privacy Act, or “BIPA”, was enacted to protect employee and consumer biometric data such as fingerprints, retina scans, voice recognition and facial imaging. All of this information is biologically unique to the individual; therefore, once compromised, an individual has no recourse and is at a heightened risk for identity theft and other misuse. This exposes employees and consumers to serious and irreversible privacy risks.
For example, if a fingerprint database is hacked, breached, or otherwise exposed in the same manner as the recent Equifax breach, employees have no means to prevent the misappropriation and theft of their own biometric makeup. Unlike social security numbers or other financial information, biometric data is part of a person’s physical being and cannot be changed.
Recognizing these risks, “BIPA” – one of the strongest state laws protecting individuals’ biometric data – achieves its goal by making it unlawful for business to, among other things, “collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifiers or biometric information, unless it first:
- Informs the subject in writing that a biometric identifier or biometric information is being collected or stored;
- Informs the subject in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
- Receives a written release executed by the subject of the biometric identifier or biometric information.”
BIPA also establishes standards for how employers must handle Illinois citizens’ biometric identifiers and biometric information. For example, BIPA prohibits businesses from disclosing a person’s or customer’s biometric identifier or biometric information without first obtaining consent for that disclosures.
BIPA also prohibits selling, leasing, trading, or otherwise profiting from a person’s biometric identifiers or biometric information (740 ILCS 14/15(c)) and requires private entities to develop and comply with a written policy – made available to the public – establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting such identifiers or information has been satisfied or within three years of the individual’s last interaction with the private entity, whichever occurs first.
Finally, BIPA provides for statutory damages of $5,000 for each willful and/or reckless violation of BIPA or, in the alternative, statutory damages of $1,000 for each negligent violation.
Our firm is at the forefront of BIPA litigation to protect people’s biometric data and privacy. We have brought cases against employers and other retail business who have collected individual’s biometric data without properly safeguarding it.
We are not afraid of exposing corporate wrongdoing. Our track record of success speaks for itself. Our attorneys have represented and recovered financially for thousands of employees from some of the nation’s largest corporations.