Stephan Zouras, LLP represents Conrad Hilton employees who have joined together to protect their biometric data. On November 30, 2017, we filed a class action lawsuit against Hilton Illinois, LLC and Conrad Chicago, LLC to redress the company’s unlawful collection of employee biometric data.
Plaintiffs contend that Conrad Hilton violated the Illinois Biometric Information Privacy Act, or ‘BIPA,’ by collecting and storing employee fingerprint data without their consent.
Biometrics such as fingerprints, retina scans, voice recognition and facial imaging are biologically unique to each individual; therefore, once compromised, an individual has no recourse and is at a heightened risk for identity theft. This exposes employees and consumers to serious and irreversible privacy risks.
For example, if a fingerprint database is hacked, breached, or otherwise exposed in the same manner as the recent Equifax breach, employees have no means to prevent the misappropriation and theft of their own biometric makeup. Unlike social security numbers or other financial information, biometric data is part of Plaintiffs’ physical being and cannot be changed.
Recognizing these risks, Illinois has enacted the Biometric Information Privacy Act “BIPA” – one of the strongest state laws protecting individuals’ biometric data. BIPA achieves its goal by making it unlawful for business to, among other things, “collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifiers or biometric information, unless it first:
- Informs the subject . . . in writing that a biometric identifier or biometric information is being collected or stored;
- Informs the subject . . . in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
- Receives a written release executed by the subject of the biometric identifier or biometric information.”
BIPA also establishes standards for how employers must handle Illinois citizens’ biometric identifiers and biometric information. For example, BIPA prohibits businesses from disclosing a person’s or customer’s biometric identifier or biometric information without first obtaining consent for that disclosures.
BIPA also prohibits selling, leasing, trading, or otherwise profiting from a person’s biometric identifiers or biometric information (740 ILCS 14/15(c)) and requires private entities to develop and comply with a written policy – made available to the public – establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting such identifiers or information has been satisfied or within three years of the individual’s last interaction with the private entity, whichever occurs first.
Finally, BIPA provides for statutory damages of $5,000 for each willful and/or reckless violation of BIPA or, in the alternative, statutory damages of $1,000 for each negligent violation.
Our firm is at the forefront of BIPA litigation to protect the biometric data and privacy of employees and consumers. We have brought numerous class action lawsuits against employers and other retail business who have collected biometric data without consent and without instituting the proper safeguards.
If you wish to be a part of this case or would like more information regarding your rights, please contact us.