Background

Unique to the state of Illinois, the Biometric Information Privacy Act was the first of its kind enacted by a state legislature. In light of the technological advancements of the past decade, the Illinois legislature enacted this law to protect the "biometric data" of individuals, including their fingerprints, retinal scans, and facial recognition. Since BIPA's passage in 2008, a number of states have followed suit and added "biometric data" to their privacy laws.

Implications For Employers

Recently, there has been a major uptick in ligation across the country involving biometric technology, and there are no signs of this trend slowing down. In terms of preventive measures, business should establish sound protocols for the handling and dissemination of biometrics. This is important because, in this day and age, biometric data can be used to access sensitive personal information. Businesses should thus be cognizant of the biometric data laws in the states where they operate and closely examine whether their own policies and procedures are compliant.

Businesses must also be prepared to defend against a potential lawsuit under a biometric privacy statute. Following the U.S. Supreme Court's decision in Spokeo, Inc. v. Robins 136 S. Ct. 1540 (2016), the concept of "standing" has become highly relevant in employment law. As such, when confronted with a BIPA suit, businesses should focus on whether the plaintiffs suffered a traceable harm stemming from the actions taken on their biometric data.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.