Search form

Employers Increasingly Targets of Illinois Biometric Information Privacy Act Lawsuits

By Nadine C. Abrahams, Jody Kahn Mason, Sean C. Herring and Joseph J. Lazzarotti
  • September 15, 2017

Although the Illinois Biometric Information Privacy Act has been the law in Illinois since 2008, in the past year, there have been at least 12 class actions filed against employers in Illinois state and federal courts seeking to redress alleged violations of the Act.

With recent advances in technology, the use of biometric data has rapidly become integral to the operation of many companies incorporating the use of biometric data into all facets of their businesses. Examples include the use of fingerprint scans with time-management software, facial recognition scans for marketing purposes, and retina scans to gain access to secured facilities. While the use of these technologies undoubtedly provides companies such benefits as heightened accuracy and security, it also comes with the potential for significant legal liability if not implemented correctly.

The Biometric Information Privacy Act has recently become the source of increased scrutiny by plaintiffs’ attorneys. With liquidated damages ranging from $1,000 for each violation for negligent violations of the Act, to $5,000 for each violation for reckless violations — plus attorneys’ fees and costs — the potential liability for failure to comply with the Act could be catastrophic.

The Act requires companies that collect and use biometric information to obtain a written release prior to collecting such data. The Act also has requirements related to the protection, use, and destruction of biometric information. Although the Act’s requirements are strict, companies can take steps to protect themselves. Our FAQs provide basic information on the Act and include recommendations and best practices for companies that collect or use biometric information.

If you have questions about whether your company’s practices comply with applicable law, do not hesitate to contact the Jackson Lewis attorneys listed with this article.

©2017 Jackson Lewis P.C. This Update is provided for informational purposes only. It is not intended as legal advice nor does it create an attorney/client relationship between Jackson Lewis and any readers or recipients. Readers should consult counsel of their own choosing to discuss how these matters relate to their individual circumstances. Reproduction in whole or in part is prohibited without the express written consent of Jackson Lewis.

This Update may be considered attorney advertising in some states. Furthermore, prior results do not guarantee a similar outcome.

Jackson Lewis P.C. represents management exclusively in workplace law and related litigation. Our attorneys are available to assist employers in their compliance efforts and to represent employers in matters before state and federal courts and administrative agencies. For more information, please contact the attorney(s) listed or the Jackson Lewis attorney with whom you regularly work.

See AllRelated Articles You May Like

April 9, 2018

State Data Breach Notification Laws: Overview of the Patchwork

April 9, 2018

The nation’s patchwork of state data breach notification laws is now complete. All 50 states, as well as the District of Columbia, Puerto Rico, Guam, and the Virgin Islands, have enacted breach notification laws requiring private organizations or government entities to notify individuals of a security breach involving their personally... Read More

March 26, 2018

Federal Communications Commission Order on Telephone Calls Went Too Far, D.C. Circuit Court Rules

March 26, 2018

The U.S. Court of Appeals for the District of Columbia has issued a highly anticipated ruling reviewing the Federal Communications Commission’s July 2015 Declaratory Ruling and Order interpreting the Telephone Consumer Protection Act (TCPA). ACA Int’l, et al. v. FCC, et al., No. 15-1211 (D.C. Cir. Mar. 16, 2018). The TCPA generally... Read More

February 27, 2018

Is Employee Consent under EU Data Protection Regulation Possible?

February 27, 2018

U.S. organizations that control or process the personal data of European Union residents likely are subject to the EU’s new data protection requirements, the General Data Protection Regulation (GDPR). The GDPR takes effect on May 25, 2018. The GDPR, which supersedes the 1995 EU Data Protection Directive, imposes harsh penalties for... Read More