Search form

Illinois Nursing Home Faces Employee Class Action Based on State Biometric Privacy Act

By Joseph J. Lazzarotti
  • October 23, 2017

Alleging that mandatory daily biometric fingerprint scans violate employees’ privacy rights under the Illinois Biometric Information Privacy Act (BIPA), employees of Paramount of Oak Park Rehabilitation & Nursing Center, LLC, have filed a putative class action against the nursing home.

The BIPA requires companies that collect and use biometric information to obtain a written release prior to collecting such data. Under the BIPA, individuals may sue for violations and, if successful, can recover liquidated damages ranging from $1,000 (or actual damages, whichever is greater) for each violation for negligent violations to $5,000 for each violation for intentional or reckless violations — plus attorneys’ fees and costs. Our FAQs provide basic information on the BIPA and include recommendations and best practices for companies that collect or use biometric information.

Martin Ragsdale, on behalf of the class, claims that Oak Park requires a minimum of two fingerprint scans from employees each day — for clocking in and clocking out. Ragsdale argues that the nursing home’s practice is “invasive” and “exposes the workers to serious and irreversible privacy risks — risks that BIPA was designed to avoid — including the ever-present risk of a data breach.”

Ragsdale, on behalf of the class, requests that the Illinois circuit court:

  1. Grant an injunction barring Oak Park from further collecting fingerprints,
  2. Require Oak Park to destroy fingerprints it has collected to date, and
  3. Award the class an unspecified amount in damages and legal fees.

New Trend of Employee Biometric Class Actions

From July 2017 to October 2017, at least 26 employment class actions based on the BIPA have been filed in Illinois state court. Similar to the suit against Oak Park, the class actions allege employer misuse of timekeeping systems that collect fingerprint scans. They claim the employer failed to provide proper notification and obtain written consent or neglected to institute a valid use policy.

Although some consider Illinois the leader in biometric data protection, other states have enacted laws similar to the BIPA, and still others are considering such legislation.

Questions to Consider

Companies that want to implement technology that uses employee or customer biometric information (for timekeeping, physical security, validating transactions, or other purposes) should consider the following:

  • Whether the company actually captures biometric information as defined under applicable law;
  • Whether the company provides proper notification and obtains written consent/release;
  • How long biometric information is retained;
  • How biometric information is accessed, stored, and safeguarded; and
  • Whether the company has a data breach response plan that covers biometric data.

***

Many see the use of biometric technologies as a way to help secure other confidential information against data breaches that continue to cripple governments, businesses, and other organizations. Of course, biometric information is itself sensitive, personal information that requires protection, as demonstrated by the growing number of new laws. 

Jackson Lewis attorneys are available to answer questions about whether your company’s practices comply with applicable law.

©2017 Jackson Lewis P.C. This Update is provided for informational purposes only. It is not intended as legal advice nor does it create an attorney/client relationship between Jackson Lewis and any readers or recipients. Readers should consult counsel of their own choosing to discuss how these matters relate to their individual circumstances. Reproduction in whole or in part is prohibited without the express written consent of Jackson Lewis.

This Update may be considered attorney advertising in some states. Furthermore, prior results do not guarantee a similar outcome.

Jackson Lewis P.C. represents management exclusively in workplace law and related litigation. Our attorneys are available to assist employers in their compliance efforts and to represent employers in matters before state and federal courts and administrative agencies. For more information, please contact the attorney(s) listed or the Jackson Lewis attorney with whom you regularly work.

See AllRelated Articles You May Like

November 8, 2017

How Cybersecurity Lapses Hurt Auto Dealerships and What Dealerships Can Do

November 8, 2017

Automobile dealerships’ cybersecurity vulnerabilities can drive away customers, according to a survey by auditing firm Total Dealer Compliance. Automotive News said the survey of 200 dealerships in five states found that: Nearly 84 percent of consumers would not buy another car from a dealership that had a data security breach... Read More

October 4, 2017

Retail Industry Workplace Law Update – Fall 2017

October 4, 2017

Oregon Enacts Scheduling Legislation Oregon has become the first U.S. state to regulate employer scheduling practices in the retail, food service, and hospitality industries. Read full article… States Strengthen Protections for Pregnant Workers Employers should plan to comply with changes to Connecticut, Massachusetts, and... Read More

September 15, 2017

Employers Increasingly Targets of Illinois Biometric Information Privacy Act Lawsuits

September 15, 2017

Although the Illinois Biometric Information Privacy Act has been the law in Illinois since 2008, in the past year, there have been at least 12 class actions filed against employers in Illinois state and federal courts seeking to redress alleged violations of the Act. With recent advances in technology, the use of biometric data has... Read More