CALL US: 217.429.4296
Open/Close Menu A full-service central Illinois law firm

Biometric Data and the Illinois Biometric Information Privacy Act

Fingerprint Authentication on Phone

Class Action Privacy Litigation

Nearly 30 class action lawsuits based on the Illinois Biometric Information Privacy Act (BIPA) have been filed by employees against employers in Illinois state courts during 2017. Many employers use high-tech biometric equipment like fingerprint authentication for employee time keeping. Use of that equipment subjects an employer to compliance with BIPA, even if the employer is unaware that BIPA exists. Similarly, many employees that provide their biometric data to their employer may not realize that safeguards such as BIPA are place to protect their data.

While we hope that you find the information contained in this article informative, the below merely contains information about a relatively unknown privacy statute and should not be construed as legal advice. If you are an employee concerned about the use of your biometric data, or an employer seeking to comply with BIPA, please contact us.

What is Biometric Data?

Biometric data generally refers to an individual’s measurable biological and physical characteristics. Biometric data in the employee-employer context often relates to fingerprint authentication, such as when employers require employees to use a fingerprint operated time clock for time keeping purposes. However, there are several types of biometric identification schemes you should be aware of:

  • Face: Analysis of facial characteristics.
  • Hand Geometry: Analysis of an individual’s hand shape and finger length.
  • Eyes: Analysis of an individual’s retina and/or iris.
  • Signature: Analysis of how an individual signs their name.
  • Vein: Analysis of the pattern of veins in the back of the hand and the wrist.
  • Voice: Analysis of tone, pitch, cadence, and frequency of a person’s voice.
  • Fingerprint: The analysis of an individual’s unique fingerprints.

How do businesses use Biometric Data?

Businesses of all sizes and kinds are adopting the use of biometric data in a variety of different contexts:

  • Time Keeping: Businesses are increasingly requiring employees to sign in and out of work using their fingerprints, as opposed to identification cards or pin codes that can become lost or stolen.
  • Safety and Health Plans: Biometric data permits businesses to create and maintain profiles for each employee to track training, certifications, risk profiles, and use of company information.
  • Security Access: Many individuals use their fingerprint to open their car door or sign onto their smart phone. Businesses are also adopting this technology for secure areas, as fingerprint authentication can prevent someone without security clearance from accessing an unauthorized area.

How does BIPA regulate Biometric Data?

BIPA regulates the collection, use, safeguarding, handling, storage, retention, and destruction of biometric data. The entire statute is important, though there are five key features to remain aware of:

  • Written Consent Required: Businesses may not collect, capture, purchase, receive through trade, or otherwise obtain biometric data without first (1) informing the person in writing that their biometric data is being collected, stored, and used; (2) informing the person in writing of the specific purpose and length of term for which their biometric data is being collected, stored, and used; and (3) obtaining a written release from the individual whose biometric data is being collected, stored, and used.
  • Limited Right to Dissemination: Businesses are prohibited from selling, leasing, trading, or otherwise profiting from an individual’s biometric data, and may not disseminate or disclose biometric data unless at least one of four very narrow and rigid exceptions apply.
  • Safe Keeping Guidelines: Businesses in possession of biometric data must store, transmit, and protect all biometric data using, at a bare minimum, the same protective features that businesses use for storing, transmitting, and protecting other confidential and sensitive information. This essentially requires that biometric data be considered analogous to an individual’s social security number for safe keeping purposes.
  • Retention and Destruction Guidelines: Businesses must develop and uniformly adhere to a written policy, made available to the public, that establishes a retention schedule and guidelines for destroying biometric data when the initial purpose for collecting or obtaining the biometric data has been satisfied or within three years of the individual’s last interaction with the business, whichever was first.
  • Private Right of Action for Harmed Individuals: An individual may bring their own claim against a business that violates the Illinois Biometric Privacy Act, though the largest harm to businesses can come when many individual claims are consolidated into a class action lawsuit.

Navigating the Illinois Biometric Privacy Act

Biometric data and compliance with the Illinois Biometric Privacy Act will be a hot topic for many businesses in the coming months. Much of the litigation brought under this statute is still in its infancy, meaning the Courts have not established bright-line rules for compliance. Absent those strict rules that we all yearn for, we hope you found this information informative.

If you are an individual that believes your biometric data is being misused or your employer is collecting your biometric data without your written consent, our class action lawyers are here to help. Likewise, we are able to help local businesses navigate this confusing and ever evolving area of the law. Please contact us to schedule a free consultation.

Related Stories

October 14, 2021

New Partner Announcement – Dan L. Flannell

Flannell joins BRE Law after a lengthy career serving as Moultrie County’s Resident Circuit Judge, as well as Chief Judge of the six counties comprising the 6th Judicial Circuit of Illinois.

May 4, 2021

Paraquat Litigation

Paraquat is a herbicide frequently used by farmers. Recent studies have established a link between exposure to Paraquat and Parkinson’s Disease.

Posted in: Class Actions
Insurance Policy Picture
April 21, 2020

Help with claims for business interruption due to Coronavirus

Business Interruption Claim Lawyers Can Evaluate and Challenge Denials Recent government restrictions placed on travel,…

Posted in: Business Law
March 24, 2020

How the Families First Coronavirus Response Act may impact your business!

In response to the COVID-19 pandemic, the federal government has passed new laws which may impact you as a business owner or you as an employee.

Posted in: Business Law
February 28, 2020

Dicamba Lawsuit

Dicamba is a very powerful herbicide which may cause damage as a result of “drift.” If you have farm ground that may have been damaged by Dicamba, you may be able to make a claim.

Solders walking to plane
April 26, 2019

Military Earplugs Lawsuits

If you served in the United States military between 2003 and 2015, and have been diagnosed with tinnitus or hearing loss (whether partial or total), you may be entitled to financial compensation.

Lawyers Jon Robinson & Chris Ellis holding a Remington 700 Rifle.
November 1, 2018

Remington Settlement

Managing Partners Jon Robinson and Chris Ellis are pleased to announce a landmark class action settlement with Remington firearms concerning allegedly defective triggers in some of Remington’s most iconic firearms.

October 15, 2018

IKO Shingles Class Action Settlement

We are pleased to announce that a settlement has been reached in the case of In re IKO Roofing Shingles Products Liability Litigation, Case No. 2:09-md-2104-JES, MDL No. 2104. The plaintiffs in this case were represented by multiple law firms, including Bolen Robinson & Ellis.

Posted in: Class Actions

Copyright © 2020 BRE Law | Crafted with by Simply Built