Search form

Illinois Nursing Home Faces Employee Class Action Based on State Biometric Privacy Act

By Joseph J. Lazzarotti
  • October 23, 2017

Alleging that mandatory daily biometric fingerprint scans violate employees’ privacy rights under the Illinois Biometric Information Privacy Act (BIPA), employees of Paramount of Oak Park Rehabilitation & Nursing Center, LLC, have filed a putative class action against the nursing home.

The BIPA requires companies that collect and use biometric information to obtain a written release prior to collecting such data. Under the BIPA, individuals may sue for violations and, if successful, can recover liquidated damages ranging from $1,000 (or actual damages, whichever is greater) for each violation for negligent violations to $5,000 for each violation for intentional or reckless violations — plus attorneys’ fees and costs. Our FAQs provide basic information on the BIPA and include recommendations and best practices for companies that collect or use biometric information.

Martin Ragsdale, on behalf of the class, claims that Oak Park requires a minimum of two fingerprint scans from employees each day — for clocking in and clocking out. Ragsdale argues that the nursing home’s practice is “invasive” and “exposes the workers to serious and irreversible privacy risks — risks that BIPA was designed to avoid — including the ever-present risk of a data breach.”

Ragsdale, on behalf of the class, requests that the Illinois circuit court:

  1. Grant an injunction barring Oak Park from further collecting fingerprints,
  2. Require Oak Park to destroy fingerprints it has collected to date, and
  3. Award the class an unspecified amount in damages and legal fees.

New Trend of Employee Biometric Class Actions

From July 2017 to October 2017, at least 26 employment class actions based on the BIPA have been filed in Illinois state court. Similar to the suit against Oak Park, the class actions allege employer misuse of timekeeping systems that collect fingerprint scans. They claim the employer failed to provide proper notification and obtain written consent or neglected to institute a valid use policy.

Although some consider Illinois the leader in biometric data protection, other states have enacted laws similar to the BIPA, and still others are considering such legislation.

Questions to Consider

Companies that want to implement technology that uses employee or customer biometric information (for timekeeping, physical security, validating transactions, or other purposes) should consider the following:

  • Whether the company actually captures biometric information as defined under applicable law;
  • Whether the company provides proper notification and obtains written consent/release;
  • How long biometric information is retained;
  • How biometric information is accessed, stored, and safeguarded; and
  • Whether the company has a data breach response plan that covers biometric data.

***

Many see the use of biometric technologies as a way to help secure other confidential information against data breaches that continue to cripple governments, businesses, and other organizations. Of course, biometric information is itself sensitive, personal information that requires protection, as demonstrated by the growing number of new laws. 

Jackson Lewis attorneys are available to answer questions about whether your company’s practices comply with applicable law.

©2017 Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Reproduction of this material in whole or in part is prohibited without the express prior written consent of Jackson Lewis P.C., a law firm with more than 900 attorneys in major cities nationwide serving clients across a wide range of practices and industries. Having built its reputation on providing premier workplace law representation to management, the firm has grown to include leading practices in the areas of government relations, healthcare and sports law. For more information, visit www.jacksonlewis.com.

See AllRelated Articles You May Like

March 11, 2019

New Jersey Bills Would Give Consumers Control Over Their Personal Data Privacy

March 11, 2019

New Jersey has joined a growing list of states considering legislation on data privacy to promote transparency, accountability, and individual choice. One bill would create new obligations for commercial entities whose online website or services collect personally identifiable information (PII) from individuals in New Jersey. A second... Read More

January 28, 2019

California Consumer Privacy Act: FAQs for Employers

January 28, 2019

Data privacy and security regulation is growing rapidly around the world, including in the United States. In addition to strengthening the requirements to secure personal data, individuals are being given an increasing array of rights concerning the collection, use, disclosure, sale, and processing of their personal information.... Read More

January 25, 2019

Actual Harm Not Required to Sue Under Illinois Biometric Information Privacy Law

January 25, 2019

The Illinois Supreme Court has ruled that individuals need not allege actual injury or adverse effect, beyond a violation of his or her rights under the Illinois Biometric Information Privacy Act (BIPA), in order to qualify as an “aggrieved” person and be entitled to seek liquidated damages, attorneys’ fees and costs, and injunctive... Read More