Using Biometric Data May Cost Employers Big Dollars
In times when fingerprints and other biometric data are routinely used for menial tasks, e.g., to check text messages and tag friends in social media posts, it is hard to believe the use of biometric material may lead to a lawsuit. In response to growing concerns of identity theft, in 2008, the Illinois General Assembly passed the Biometric Information Privacy Act (“BIPO”). The BIPO restricts businesses’ collection, storage, and disclosure of personal biometric information. Biometric data includes retina and iris scans, fingerprints, voiceprints, handprints, and face geometry. Illinois employers must be hyper-diligent about BIPO compliance, as Illinois is the only state that allows a private cause of action and attorneys’ fees for violations.
In the wake of heightened time-keeping scrutiny under the Fair Labor Standards Act, it has become common practice for employers to scan employee fingerprints into a company database upon hire, and instruct employees to use their fingerprints to punch in and out for shifts and log break periods. BIPO litigation is on the rise. Class-action plaintiffs are pouncing on the opportunity to turn seemingly innocuous time-keeping procedures into big dollars.
On October 10, 2017, another BIPO complaint was filed in the Circuit Court of Cook County—nearly a dozen have been filed in the last six months. The named plaintiff sued her former employer for use of fingerprints for time-tracking purposes. The plaintiff, who was only employed from July 10 until August 28, claims her employer failed to collect written authorization from employees before collecting fingerprint scans, failed to inform employees how long fingerprint scans were retained after employment, and failed to explain how electronic records are destroyed. The lawsuit, like other BIPO class actions, seeks statutory damages of $1,000.00 to $5,000.00 per violation plus attorneys’ fees. This is likely the beginning of a growing trend in BIPO class-action litigation. Employers, especially larger employers, should be mindful of BIPO and consider internal audits to uncover any potential areas of noncompliance.