trending ATTORNEYS on baker sterchi
{{item.T}}
Kansas City, Missouri
2400 Pershing Road, Suite 500, Kansas City, Missouri 64108-2533
Illinois BIPA Reform Reduces Potential Liability for Collecting or Sharing Biometric Data
ABSTRACT: Illinois’ biometric privacy reform will significantly reduce a company’s potential liability for collecting or sharing an individual’s fingerprint and other biometric data without informed consent. Effective immediately, private entities that collect or disclose the same biometric identifier from the same person with the same collection methods commits only one violation and the individual is entitled to just one recovery of statutory damages.
With the Illinois Governor’s signature on Senate Bill 2979, amendments to the Biometric Information Privacy Act, known as “BIPA” (740 ILCS 14/1, et seq.), offer companies protections which will significantly reduce a company’s potential liability for collecting and sharing an individual’s biometric data without informed consent. BIPA is amended to say that private entities that collect or disclose the same biometric identifier from the same person using the same collection method commits only one violation of the law, entitling the individual to just one recovery of statutory damages, regardless of the number of times that biometric information is shared. 740 ILCS 14/20. The amendment presents what can be considered “guard rails” on what might otherwise be significant liability for a business.
The amendment also redefines and significantly expands “written release” to include electronic signatures, which is now defined to include “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.” 740 ILCS 14/10.
The amendment is largely a response to the Illinois Supreme Court’s interpretation of a pre-amendment BIPA claim against White Castle. In Cothron v. White Castle Sys., 2023 IL 128004, the court found each unlawful fingerprint scan or disclosure constituted a new BIPA claim but that damages awards for each violation remained discretionary, noting that “there is no language in the Act suggesting legislative intent to authorize a damages award that would result in the financial destruction of a business.” Cothron at ¶ 42. White Castle had argued that only the first illegal biometric scan or disclosure was actionable under the Act because the alternative would expose even the smallest of companies to potentially disastrous statutory damages even when the claimants were unable to point to any actual damages from each alleged violation.
Illinois enacted BIPA in 2008, and it was considered a pioneering law for the protection of consumers and employees from misuse of biometric data, including face recognition, fingerprints, voice recognition, retinal scans, and other types of personal identifying information. BIPA, however, had come under fire by companies hit with large (and sometimes disastrous) fines due to its previous provisions allowing for fines for each violation of the act, even when the violation involved the same biometric data from the same person using the same collection method.
The area of BIPA litigation in Illinois remains dynamic, and Baker Sterchi remains committed to following and reporting upon this important and developing area of the law.
About Illinois Law Blog
Baker Sterchi's Illinois Law Blog examines significant developments, trends and changes in Illinois law on a broad range of topics that are of interest to Illinois practitioners and to businesses evaluating risks under Illinois law or managing litigation subject to Illinois law. Learn more about the editor, Lisa Larkin.
Subscribe via email
Subscribe to rss feeds
RSS FeedsABOUT baker sterchi blogs
Baker Sterchi Cowden & Rice LLC (Baker Sterchi) publishes this website as a service to our clients, colleagues and others, for informational purposes only. These materials are not intended to create an attorney-client relationship, and are not a substitute for sound legal advice. You should not base any action or lack of action on any information included in our website, without first seeking appropriate legal or other professional advice. If you contact us through our website or via email, no attorney-client relationship is created, and no confidential information should be transmitted. Communication with Baker Sterchi by e-mail or other transmissions over the Internet may not be secure, and you should not send confidential electronic messages that are not adequately encrypted.
The hiring of an attorney is an important decision, which should not be based solely on information appearing on our website. To the extent our website has provided links to other Internet resources, those links are not under our control, and we are not responsible for their content. We do our best to provide you current, accurate information; however, we cannot guarantee that this information is the most current, correct or complete. In addition, you should not take this information as a promise or indication of future results.
Disclaimer
The Illinois Law Blog is made available by Baker Sterchi Cowden & Rice LLC for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. Your use of this blog site alone creates no attorney client relationship between you and the firm.
Confidential information
Do not include confidential information in comments or other feedback or messages related to the Illinois Law Blog, as these are neither confidential nor secure methods of communicating with attorneys. The Illinois Law Blog should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.
