This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

Every Scan of Biometric Information is a New BIPA Violation, per Illinois Supreme Court

The highest court in Illinois has been on a biometric privacy tear in 2023. After holding last month that claims can be brought up to five years after they accrue, the court has now held that each instance of collecting biometric information triggers a new injury and thus supports a damages claim. In the case at bar, an employer used a fingerprint scan authentication tool to validate employee access to paystubs or company computers. The court's decision means that every time an employee was required to scan her finger to gain access, she suffered a compensable injury under the state's biometric privacy law (BIPA).

Why It Matters

The plaintiff's bar has been active with BIPA claims for several years now, and that trend is unlikely to slow down based on the recent decisions out of the state supreme court. It is increasingly common for companies to use biometric information for all kinds of security and authentication, including in timekeeping and point-of-sale platforms. For any company that uses fingerprints, facial recognition, or similar means of authentication regarding Illinois employees, we strongly urge you to consult with counsel to make sure that your privacy notices and other practices are BIPA compliant.  

"With the subsequent scans, the fingerprint is compared to the stored copy of the fingerprint. Defendant fails to explain how such a system could work without collecting or capturing the fingerprint every time the employee needs to access his or her computer or pay stub," the high court said.

Tags

data security and privacy, hill_mitzi, insights