Written by: Haim Ravia and Dotan Hammer
The Illinois State Senate has approved the first significant amendment to the Biometric Information Privacy Act (BIPA) since its enactment in 2008. The amendment, now making its way through the Illinois House of Representatives, addresses concerns raised by businesses, and follows the Illinois Supreme Court’s call for action to resolve a statutory miscalculation that led to multiple multi-million-dollar settlements involving the collection of biometric data from Illinois residents.
The Illinois Supreme Court’s decision was issued on the use of employees’ fingerprints without their consent, potentially exposing the employer-company to damages of up to $17 billion. This is because BIPA stipulates $1,000 in damages for “negligent” violations and $5,000 for “reckless” or “intentional” violations. Although the Supreme Court did not issue a definitive ruling on the accumulation of damages, it urged the legislature to revisit BIPA and clarify the law’s intent regarding damage assessments.
The legislative amendment, which passed in a 46-13 vote, modifies how BIPA violations are computed. Under the amendment, the initial collection of biometric data such as fingerprints counts as a single violation, rather than each scan constituting a separate offense. This adjustment is significant because employees may use biometric scans multiple times per shift for tasks such as unlocking doors or cabinets. This is especially relevant as businesses increasingly adopt technologies like fingerprint and facial recognition to identify customers and employees.
Click here to read the Act to Amend the Illinois Biometric Information Privacy Act.