Whirlwind of Action Leaves Employers Where they Started: Employers Still Need to Heed Illinois Biometric Information Privacy Act
Given the proliferation of all things digital, it was no surprise that the practice of fingerprinting would become commonplace in employment settings that seek to streamline everything from production lines to employees themselves.
Illinois sought to safeguard its citizens against the risk of abuse inherent in collecting data that is unique to an individual. In doing so, it enacted the Biometric Information Privacy Act in 2008. For ten years, the courts heard hardly any complaints related to the Act. Until a mother took her complaint against Six Flags Entertainment to the Illinois Supreme Court, and won.
After the amusement park took her son’s fingerprints without consent, Ms. Rosenbach filed a complaint seeking damages based on violations of the Act. In 2019, the Illinois Supreme Court ruled that the Act, as written, provided any aggrieved party a right of action, and further, a prevailing party, $1,000 for each violation, $5,000 for each violation that occurred intentionally or recklessly, plus attorneys’ fees and costs, and other appropriate relief. Because of the procedural history, the Court’s ruling turned on the meaning of the word “aggrieved.” The Court determined that the plain meaning of the Act was to be given. Thus, the collection of biometric information without consent is deemed sufficient to bring a cause of action.
What has happened since is a flurry of action from all parties affected: attorneys advertising to aggrieved parties and employers seeking legal defense. While the Illinois General Assembly introduced three bills intending to alleviate the strain, particularly on employers who use fingerprinting as a method of timekeeping for their employees, passage of these bills is uncertain.
Because none of the bills introduced by the Illinois General Assembly survived, nothing has happened at a legislative level to protect employers from potential and likely unintentional, violations of the Biometric Information Privacy Act, which could easily put employers at risk of being fined $20,000 per day, per employee.
Therefore, it is incumbent on employers to develop a policy and consent so that they may continue to operate efficiently and still comply with Illinois law.
For questions about the Illinois Biometric Information Privacy Act, pending legislation or assistance with bringing your company into compliance, please contact Donald S. Rothschild, Erika Tovar, or any of our attorneys for further help.