A franchise owner must pay $3.5M to settle employee claims in Illinois that it collected biometric information without appropriate consent and disclosure. The employer used a timeclock system that relied on fingerprint scans to authenticate the employee. Employees claimed that the employer had violated the state biometric privacy law (BIPA).
Why It Matters
BIPA is one of the first biometric privacy laws in the US, although more are passed every year. The point of these laws is to ensure that unique information tied to an individual's physical or other indelible characteristics is treated with sensitivity in the digital age. Such laws commonly cover markers like fingerprints and facial recognition scans, and they may be broader than that. They may require extra work such as disclosing your privacy practices, changing how (or how long) you store data, or seeking consent.
Illinois has seen a cottage industry of employment biometric privacy claims spring up in the last five years, based on common practices such as using fingerprint scans to log into time-keeping systems at work or as a physical security mechanism to access certain premises. Anyone with business operations in Illinois, and increasingly in other states, who collects or uses biometric information or data to manage their workforce is advised to take note.