Wendy’s faces potential class action suit under Illinois’ Biometric Information Privacy Act
Burger chain Wendy’s is the latest employer to be hit with a potential class-action suit under Illinois’ Biometric Information Privacy Act (BIPA) for using a fingerprint-based time and attendance system allegedly without properly informing employees about how their biometric data will be stored and used, and how long it will be retained, ZDNet reports.
Employees at Wendy’s use fingerprints to clock in and out, as well as with POS and cash register systems, and a pair of former employees say the company’s lack of transparency violates the state law. Software vendor Discovery NCR Corporation, which provided the fingerprint systems, is also named in the suit. ZDNet notes that BIPA was partly crafted in response to a 2007 incident in which biometrics company Pay By Touch went bankrupt while holding biometric data accumulated from retail customers, which it was eligible to sell to recoup costs.
“While there are tremendous benefits to using biometric time clocks in the workplace, there are also serious risks. Unlike key fobs or identification cards–which can be changed or replaced if stolen or compromised–fingerprints are unique, permanent biometric identifiers associated with the employee,” the plaintiffs’ representatives write in the complaint. “This exposes employees to serious and irreversible privacy risks.”
The plaintiffs have filed for class-action certification and a jury trial. They are seeking equitable relief, litigation expenses, attorney’s fees, and disclosure of information about how the fingerprints were used by Wendy’s.
An Illinois federal judge recently threw out a BIPA suit against United Airlines, on grounds that a collective bargaining agreement takes precedence as a forum for dispute resolution, but also noted that notice and consent violations on their own do not constitute injury under the statute.