Enacted unanimously in 2008, Biometric Information Privacy Act (BIPA) protects employee and consumer biometric data such as fingerprints, retina scans, voice recognition and facial imaging. All of this information is biologically unique to the individual; therefore, once compromised, an
individual has no recourse and is at a heightened risk for identity theft and other misuse.
This exposes employees and consumers to serious and irreversible privacy risks.
For example, if a fingerprint database is hacked, breached, or otherwise exposed in the same manner as the data breaches experienced by Yahoo, Equifax, Facebook and First American Financial Corp., to name just a few, victims have no way to prevent the misappropriation and theft of their own biometric makeup. Unlike social security numbers, credit card numbers or other financial information, biometric data is part of a person’s physical being and impossible to change – an alarming reality, especially considering that a black market already exists for biometric data.
Recognizing these risks, BIPA – one of the strongest state laws protecting individuals’ biometric data – achieves its goal by making it unlawful for business to, among other things, “collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifiers or biometric information, unless it first:
- Informs the subject in writing that a biometric identifier or biometric information
is being collected or stored; - Informs the subject in writing of the specific purpose and length of term for which
a biometric identifier or biometric information is being collected, stored, and used;
and - Receives a written release executed by the subject of the biometric identifier or
biometric information.” (See more here).
BIPA also establishes standards for how employers must handle Illinois citizens’
biometric identifiers and biometric information. For example, BIPA prohibits businesses
from disclosing a person’s or customer’s biometric identifier or biometric information
without first obtaining consent for that disclosure.
BIPA also prohibits selling, leasing, trading, or otherwise profiting from a person’s biometric identifiers or biometric information and requires private entities to develop and comply with a written policy – made available to the public – establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting such identifiers or information has been satisfied or within three years of the individual’s last interaction with the private entity, whichever occurs first.
Finally, BIPA provides for statutory damages of $5,000 for each willful and/or reckless violation of BIPA or, in the alternative, statutory damages of $1,000 for each negligent violation.
Our firm is at the forefront of BIPA litigation to protect people’s biometric data and privacy. We have successfully brought numerous class actions against employers and other corporations which have collected individual’s biometric data without complying with the law.
We’re not afraid of exposing corporate wrongdoing. Our track record of success speaks for itself. Out attorneys have represented and helped recover more than $250 Million for tens of thousands of individuals who have been aggrieved.
If you believe your fingerprints, facial geometry or other biometric information was unlawfully collected and want more information on your rights, please contact us.