How the Illinois Biometric Information Privacy Act Impacts Your Company
Does your company have operations in Illinois and one of the following?
- A biometric time clock?
- Doors that require a fingerprint to open?
- Any facial recognition software?
If you answered yes to any of those questions, you need to be aware of the Illinois Biometric Information Privacy Act (“BIPA”), which regulates private entities’ collection, storage, use, and transmission of biometric identifiers and biometric information. Biometric information includes, for example, fingerprints or retina, voice, or face scans. BIPA requires anyone who collects, captures, purchases, obtains, shares, or discloses biometric information – including employers – to first inform the person, disclose the purpose and duration of the storage, and obtain informed written consent.
BIPA violations can result in a $1,000 penalty for each negligent violation, a $5,000 penalty for each willful or reckless violation, and the payment of an opponent’s attorneys’ fees and litigation costs. While two other states have implemented similar laws, Illinois is currently the only state to provide a private right of action, and many BIPA lawsuits are being filed in Illinois.
Be Proactive and Assess Compliance Risks
- Determine whether your company collects or uses any of the following, either internally or in client services or products:
- retina or iris scans
- scans of hand or face geometry
- If your business collects or uses any of the above, BIPA’s notice, consent, and data retention requirements may apply to you.
Reach Out to Learn More
If you are concerned that BIPA’s reach could impact your business and you would like assistance in reviewing your BIPA exposure, implementing a compliance plan, or determining your insurance coverage, please contact a Honigman Cybersecurity and Privacy attorney.