Biometrics such as fingerprints, retina scans, voice recognition and facial imaging are biologically unique to each individual; therefore, once compromised, an individual has no recourse and is at a heightened risk for identity theft. This exposes employees and consumers to serious and irreversible privacy risks.
For example, if a fingerprint database is hacked, breached, or otherwise exposed in the same manner as the recent Equifax breach, employees have no means to prevent the misappropriation and theft of their own biometric makeup. Unlike social security numbers or other financial information, biometric data is part of Plaintiffs’ physical being and cannot be changed.
Recognizing these risks, Illinois has enacted the Biometric Information Privacy Act “BIPA” – one of the strongest state laws protecting individuals’ biometric data.
BIPA achieves its goal by making it unlawful for business to, among other things, “collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifiers or biometric information, unless it first:
- Informs the subject in writing that a biometric identifier or biometric information is being collected or stored;
- Informs the subject in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
- Receives a written release executed by the subject of the biometric identifier or biometric information.”
BIPA also establishes standards for how employers must handle Illinois citizens’ biometric identifiers and biometric information. For example, BIPA prohibits businesses from disclosing a person’s or customer’s biometric identifier or biometric information without first obtaining consent for that disclosures.
BIPA also prohibits selling, leasing, trading, or otherwise profiting from a person’s biometric identifiers or biometric information (740 ILCS 14/15(c)) and requires private entities to develop and comply with a written policy – made available to the public – establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting such identifiers or information has been satisfied or within three years of the individual’s last interaction with the private entity, whichever occurs first.
Finally, BIPA provides for statutory damages of $5,000 for each willful and/or reckless violation of BIPA or, in the alternative, statutory damages of $1,000 for each negligent violation.
Our firm is at the forefront of BIPA litigation to protect people’s biometric data and privacy.
We have brought cases against employers and other retail business who have collected individual’s biometric data without properly safeguarding it. Some of our cases include businesses failing to comply with BIPA regarding employee thumb scans used for timekeeping purposes and/or companies alleging violations related to their facial recognition payment system.
We represent employees and consumers in complaints filed against:
- ABT Electronics – Abra Auto Body & Glass – Accurate Staffing – ADP – Albertsons Companies – All-Star, Inc. – America’s Auto Auction – American Louver – Anixter – Applied Acoustics – Art Van Furniture – Ava
- Barton Healthcare – Becton Dickenson -Bimbo Bakeries – Black Horse Carriers
- Dakota Integrated Systems- Daley’s Medical Transport – Dial Retirement Communities – DoubleTree – DPI*
- East Lake Management – Elite Labor Services – Estates of Hyde Park
- Farmington Foods – Fieldwork Marketing Research – Finkl Steel – Flexicorps – Focal Point Exports – Four Seasons Hotels
- Grand Victoria – Griffith Foods
- Hearthside Food Solutions – Heritage Health – Hixon Lumber Supply – Holiday Inn
- International Hotel Groups – Imperial Towers – Ingalls Memorial Hospital
- Jackson Park Supportive Living – Jumio – Juul Labs
- KIK Custom Products – Kronos
- Lathem Time Company – Lazer Spot – Lexingto Health Care Center – Loews Hotel – Lydia Healthcare
- Mariano’s – Marriott – Mercy Hospital – Midcon Hospitality – Midwest Time Recorder – Morgan Services
- Nemera – New World Van Lines – NFI – Northshore University Health System – Norwood Crossing – Northwestern Lake Forest Hospital – Novatime Technology
- OmniCell – Osco
- Parc at Joliet – Pearson Value – Pete’s Fresh Market – Plymoth Place, PolarTech – Power Solutions International
- Rich Products – Riveredge Hospital – Roosevelt University
- Silver Cross Hospital – Smith Senior Living* – South Holland Home – Southwest Airlines – Speedway Gas Stations – Springhill Hotel – St. Anthony Hospital – St. Bernard Hospital – Summit Staffing
- TM Healthcare – TOMS King – Tony’s Fresh Market – Triad Senior Living
- United Facilities – University of Chicago Medical Center
Most recently in a unanimous opinion, the Illinois Supreme Court held – as Stephan Zouras, LLP has always maintained – that individuals need not allege “actual injury” to recover damages for the unlawful procurement of biometric data, including through fingerprint scans in the workplace.
In the wake of the Illinois Supreme Court ruling, Stephan Zouras, LLP is actively litigating over 100 pending class actions under BIPA.
If you believe your biometric data has not been properly safeguarded by your employer or other business or has been compromised and/or want more information on your rights, please contact us.
*These cases have been successfully settled.