Path Cleared for Biometric Privacy Suits, Companies Encouraged to Review Practices
On Friday, January 25, 2019, the Illinois Supreme Court issued an opinion that should prompt companies to immediately assess their practices and policies regarding the collection, possession, use, storage, and destruction of biometric data. These practices are governed by an Illinois statute called the Biometric Information Privacy Act (BIPA).
As reported in our recent article, companies may choose to collect biometric data, such as employee fingerprints, to achieve workplace efficiencies, including more accurate timekeeping, fraud prevention, and onsite security. Companies may also collect the biometric data of their customers for a variety of business reasons. Under BIPA, a "biometric identifier" means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. "Biometric information" means information based on an individual's biometric identifier (regardless of how it is captured, converted, stored, or shared).
The Illinois Supreme Court confirmed that plaintiffs may maintain lawsuits for technical violations of BIPA, even if they have not suffered harm or actual damages. This ruling will most certainly invite a flood of new litigation, on top of the numerous BIPA cases that are currently pending.
If your company collects, possesses, uses, or stores biometric data belonging to employees or customers – or if you are uncertain whether your company has any practices in this regard – we strongly encourage you to promptly contact your Much attorney. Our team is prepared to review your practices and policies and confirm whether steps toward BIPA compliance should be taken.