Avoiding a Biometric Information Privacy Act Class Action
The Illinois Biometric Information Privacy Act (BIPA) was enacted in 2008 and more than a decade later remains a leading statute for biometric litigation. The BIPA regulates the collection, capture, safeguarding, handling, storage, retention, and destruction of “biometric identifiers,” such as fingerprints, voiceprints, retina and/or iris scans, and scans of hand or face geometry. The BIPA is generally considered the most stringent of all state laws of its type.
The purpose of the BIPA is to give individuals control over a business’s use of their biometric information by requiring notice and prior consent. The BIPA imposes five distinct obligations on employers or any private business that engages in any of the regulated activities:
(1) Informed consent prior to collection: a company may not “collect, capture, purchase, receive through trade, or otherwise obtain” biometric data from an individual unless it first informs the individual that the data is being collected or stored and the purpose of such activities and obtains a “written release” for such collection or storage.
(2) Restricted disclosure: a company that possesses biometric data may not “disclose, redisclose, or otherwise disseminate” it without consent or unless such disclosure is required by law, to complete a financial transaction, or pursuant to a valid warrant or subpoena.
(3) Retention and destruction policy: a company that possesses biometric data must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric data.
(4) Security requirements: a company that possesses biometric data must use the reasonable standard of care applicable to that company’s industry and protect the data in a manner at least as protective as the manner in which the company stores its own confidential and private information.
(5) Profiting prohibited (even with consent): a company that possesses biometric data may not under any circumstances sell, lease, trade or otherwise profit from biometric data.
The BIPA is by no means toothless. It carries a private right of action for harmed individuals and includes statutory damages of $1,000 per negligent violation and $5,000 per intentional violation or actual damages, whichever is greater. Additionally, successful plaintiffs may receive an award of attorney’s fees and costs and injunctive relief.
Although the BIPA was enacted in 2008, the first class action alleging a violation of it was not filed until 2015. The number of such filings has increased exponentially in subsequent years. Given the significant uptick in the frequency of BIPA class actions, employers and companies that collect or store biometric data must be prepared to defend against a high-stakes class action lawsuit, where potential statutory damages can easily climb into the millions or even billions. Fortunately, there are several actions a company can take to mitigate or eliminate exposure and avoid or defeat such lawsuits. The surest way of accomplishing these objectives is for a company to take the time to ensure basic compliance now:
What biometric information are you collecting? The BIPA defines biometric information as information based on “biometric identifiers” used to identify a person. The statute defines biometric identifiers as a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. As technology evolves and new systems are put in place, you must carefully consider what information your company may be collecting in order to determine whether any disclosures are needed.
What disclosures do you currently make? If you have determined that your company does collect biometric information, the BIPA requires that your company provide written notice that explains that biometric information will be collected, the purpose for doing so, and the length of time such information will be retained. The collection and storage of employee biometric information has become a hot-button issue across the country. Creating a clear company policy concerning the collection, use, retention, and security of biometric information will, if done properly and provided to employees, not only satisfy notice requirements but may also help ease some concerns employees may have.
Do you obtain a “written release”? In addition to providing notice, your company must also obtain a “written release” prior to collecting and storing an individual’s biometric information. A written release in this context means informed consent. If your company collects employee biometric information, it should obtain express written authorization from employees to collect and store their biometric information during the onboarding process.
Do you have a written policy for retention and deletion? If you have determined that your company collects or stores biometric data, then it must have a written policy for handling such data. This written policy must include a retention schedule and guidelines for permanently destroying the data at the earlier of when the purpose for the collection or storage no longer exists or three years since the last interaction with the individual.
Are you staying up to date on recent developments or interpretations of the law? The BIPA has caused quite a stir within the past few years and has generated much litigation. It will continue to be challenged in and interpreted by courts, and those developments can have a serious impact on your company. It is also important to be aware of any regulatory changes so that your business can remain in compliance. This is where retaining the services of a knowledgeable consumer protection and data rights attorney can be invaluable.