ARTICLE
20 August 2024

Illinois Reins In Astronomical Damages Under Biometric Privacy Law

FL
Foley & Lardner

Contributor

Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
Illinois employers will no longer face astronomical damages — into the millions or even hundreds of millions of dollars at issue in recent class action lawsuits...
United States Illinois Privacy

Illinois employers will no longer face astronomical damages — into the millions or even hundreds of millions of dollars at issue in recent class action lawsuits — for violations of the Biometric Information Protection Act (BIPA) under reforms signed into law on August 2, 2024. Still, there are significant consequences for even technical violations for BIPA, and employers should review their policies and practices in light of these recent changes.

We have previously discussed how employers in Illinois can ensure compliance with BIPA following court rulings that greatly expanded potential liability under the law. BIPA imposes various requirements, including maintaining a written and publicly available policy and obtaining written consent from individuals, before companies may use finger or hand scans, facial recognition, or other biometric information. Employers have increasingly used finger scans or other biometric information for timekeeping, and those unaware of BIPA's strict requirements have faced substantial liability for technical violations of the law because plaintiffs do not need to prove actual harm or misuse of their information to recover damages.

In 2023, the Illinois Supreme Court issued rulings that exponentially expanded liability for businesses that use biometric information, including: (1) the statute of limitations for BIPA claims can reach back five years; and (2) a separate violation of BIPA occurs every single time a company collects or uses biometric information without complying with notice and consent requirements. This meant that employers that used finger scans for clocking in and out of work — but did not satisfy BIPA requirements — faced damages of up to thousands of dollars for every single scan, such that total damages in class action cases could total millions or hundreds of millions of dollars.

With the new reforms, damages for BIPA violations are no longer calculated on a "per scan" basis but are instead calculated "per person" so that multiple scans or collections of biometric information for one person allows just one recovery under the law. In addition, the law now clarifies that written consent to collect and use individual's biometric information can be obtained through an electronic signature.

Employers outside of Illinois should also pay attention. Texas, Washington State, and New York City also have biometric privacy laws, and similar legislation has been introduced in more than a dozen other states in recent years. Businesses that use or may adopt biometric technology for timekeeping or other purposes should review compliance in this area.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More