Companies and employers are legally required to properly collect, use, safeguard, and store personal biometric information. They can be liable for damages when they fail to do so.
More and companies and even employers are collecting personal biometric information for use in their business or in the workplace – potentially putting consumers and employees at risk. For example, retail businesses collect data on customers’ faces. Employers require their employees to use their fingerprint or retina scan to clock in or to process certain transactions.
In Illinois, the Biometric Information Privacy Act (“BIPA”) protects employee and consumer biometric information such as fingerprints, voice recognition, retina scans, hand scans, and facial recognition data. This type of information is unique to individual people and the Illinois legislature decided that it must be protected to help avoid identity theft and other harm. Once compromised, biometric information cannot be changed or corrected because it is a part someone’s unique physical biology.
The Illinois BIPA is one of the strongest state laws protecting biometric privacy. Under BIPA, it is against the law for businesses and employers to “collect, capture, purchase, receive through trade, or otherwise obtain a person or customer’s biometric information” without doing the following:
- Informing the person in writing that a biometric identifier or information is being collected or stored;
- Informing the person in writing of the specific purpose and length of time for which a biometric identifier or information is being collected, stored, or used; and
- Obtaining a written release executed by the person whose biometric identifier or information is being collected, stored, or used.
In addition, BIPA prohibits businesses from disclosing a person or customer’s biometric information without getting their consent first. It is also against the law to sell, lease, trade, or otherwise profit from a person’s biometric information. Private entities must have a public schedule and guidelines for permanently destroying biometric information.
Violations of BIPA result in statutory damages of $1,000 for each negligent violation or $5,000 for each willful and/or reckless violation. BIPA lawsuits are often class actions, an area where our firm has ample experience and expertise.
If your employer or a company you do business with uses your biometric information for any reason and did not provide you with written disclosures and release, contact us to evaluate whether you have a claim. You may be entitled to a payment even if there was not a data breach or if you did not suffer actual damages from the collection, use, and storage of your biometric information.
