Search form

Illinois Nursing Home Faces Employee Class Action Based on State Biometric Privacy Act

By Joseph J. Lazzarotti
  • October 23, 2017

Alleging that mandatory daily biometric fingerprint scans violate employees’ privacy rights under the Illinois Biometric Information Privacy Act (BIPA), employees of Paramount of Oak Park Rehabilitation & Nursing Center, LLC, have filed a putative class action against the nursing home.

The BIPA requires companies that collect and use biometric information to obtain a written release prior to collecting such data. Under the BIPA, individuals may sue for violations and, if successful, can recover liquidated damages ranging from $1,000 (or actual damages, whichever is greater) for each violation for negligent violations to $5,000 for each violation for intentional or reckless violations — plus attorneys’ fees and costs. Our FAQs provide basic information on the BIPA and include recommendations and best practices for companies that collect or use biometric information.

Martin Ragsdale, on behalf of the class, claims that Oak Park requires a minimum of two fingerprint scans from employees each day — for clocking in and clocking out. Ragsdale argues that the nursing home’s practice is “invasive” and “exposes the workers to serious and irreversible privacy risks — risks that BIPA was designed to avoid — including the ever-present risk of a data breach.”

Ragsdale, on behalf of the class, requests that the Illinois circuit court:

  1. Grant an injunction barring Oak Park from further collecting fingerprints,
  2. Require Oak Park to destroy fingerprints it has collected to date, and
  3. Award the class an unspecified amount in damages and legal fees.

New Trend of Employee Biometric Class Actions

From July 2017 to October 2017, at least 26 employment class actions based on the BIPA have been filed in Illinois state court. Similar to the suit against Oak Park, the class actions allege employer misuse of timekeeping systems that collect fingerprint scans. They claim the employer failed to provide proper notification and obtain written consent or neglected to institute a valid use policy.

Although some consider Illinois the leader in biometric data protection, other states have enacted laws similar to the BIPA, and still others are considering such legislation.

Questions to Consider

Companies that want to implement technology that uses employee or customer biometric information (for timekeeping, physical security, validating transactions, or other purposes) should consider the following:

  • Whether the company actually captures biometric information as defined under applicable law;
  • Whether the company provides proper notification and obtains written consent/release;
  • How long biometric information is retained;
  • How biometric information is accessed, stored, and safeguarded; and
  • Whether the company has a data breach response plan that covers biometric data.

***

Many see the use of biometric technologies as a way to help secure other confidential information against data breaches that continue to cripple governments, businesses, and other organizations. Of course, biometric information is itself sensitive, personal information that requires protection, as demonstrated by the growing number of new laws. 

Jackson Lewis attorneys are available to answer questions about whether your company’s practices comply with applicable law.

©2017 Jackson Lewis P.C. This Update is provided for informational purposes only. It is not intended as legal advice nor does it create an attorney/client relationship between Jackson Lewis and any readers or recipients. Readers should consult counsel of their own choosing to discuss how these matters relate to their individual circumstances. Reproduction in whole or in part is prohibited without the express written consent of Jackson Lewis.

This Update may be considered attorney advertising in some states. Furthermore, prior results do not guarantee a similar outcome.

Jackson Lewis P.C. represents management exclusively in workplace law and related litigation. Our attorneys are available to assist employers in their compliance efforts and to represent employers in matters before state and federal courts and administrative agencies. For more information, please contact the attorney(s) listed or the Jackson Lewis attorney with whom you regularly work.

See AllRelated Articles You May Like

July 11, 2018

Fitness Industry Legal Update - Summer 2018

July 11, 2018

Social media can be a great way for companies in the fitness industry to build and engage their communities. The hazards of social media as to employees, companies, and privacy, however, should not be ignored. This is especially true if social media is key to a business’s marketing or employee-recruitment goals. In this issue, we cover... Read More

July 9, 2018

Brett Kavanaugh Nominated to U.S. Supreme Court

July 9, 2018

In the wake of Justice Anthony Kennedy’s retirement, President Donald Trump was presented with the rare opportunity to make his second U.S. Supreme Court nomination in as many years, nominating the Honorable Brett M. Kavanaugh to succeed Justice Kennedy. If confirmed by the Senate, Judge Kavanaugh would bring more than a dozen years of... Read More

April 9, 2018

State Data Breach Notification Laws: Overview of the Patchwork

April 9, 2018

The nation’s patchwork of state data breach notification laws is now complete. All 50 states, as well as the District of Columbia, Puerto Rico, Guam, and the Virgin Islands, have enacted breach notification laws requiring private organizations or government entities to notify individuals of a security breach involving their personally... Read More