Illinois Biometric Information Privacy Act (BIPA)
What is the Illinois Biometric Information Privacy Act?
The Illinois Biometric Information Privacy Act (BIPA) is a law that imposes requirements on businesses that collect or otherwise obtain biometric information, including fingerprints, retina scans, and facial geometric scans. Most often, employers seek to collect this information through biometric time clocks to keep track of employees’ hours. The law allows private individuals to bring suit and recover damages for violations.
What Businesses Are Subject to BIPA?
BIPA covers all private sector employers with employees in the state of Illinois that want to collect biometric information. However, this act does not apply to financial institutions subject to the Gramm-Leach-Bliley Act. Further, this act does not apply to contractors, subcontractors or agents of state or municipal government agencies.
What Does BIPA Require of Covered Businesses?
Who Enforces BIPA and What Are the Penalties for Non-Compliance?
Any person that is aggrieved by a violation of BIPA has the right of action in a State circuit court or the right to file a supplemental claim in a federal district court against an offending party. The courts decide the outcome. For negligent violations, individuals can recover the greater of $1,000 or their actual losses. For reckless violations, the baseline award increases to $5,000 per violation.
According to the Texas Bar Journal, since July 2017, more than 25 cases have been filed in state and federal courts in Illinois against video game companies, food product manufacturers, gas stations, and even restaurant chains (Wow Bao was sued over its use of facial scans to verify customer orders at self-service kiosks). And as more employers start to use timekeeping systems and security protocols that use biometric identifiers (such as fingerprints or facial scans), the employee/employer relationship will become a burgeoning legal battleground.