Illinois biometric privacy lawsuits against employers continue as proposed amendment stalls

Numerous biometric data privacy infringement cases continue to wind their ways through U.S. state courts, and are unlikely to stop soon, with proposed legislation that would have stemmed the tide in Illinois stalling at committee.

The proposed legislation would have ended the right of private action under Illinois’ Biometric Information Privacy Act (BIPA), which JD Supra reported would sound a “death knell” for the wave of class action suits under the statute. A procedural deadline of March 28, 2019 had been set for the committee’s report on SB2134, but was passed without action, which Sheppard Mullin Associate Shawn Fabian wrote in a blog post typically means the legislation will go no further.

Two previous attempts to amend BIPA have failed, and State Attorney General Kwame Raoul vowed to protect the legislation shortly after his election.

Fabien suggests employers should ensure they have established a retention schedule and deletion procedure and followed all other statutory requirements of the Act.

Nearly 30 new BIPA suits have been filed so far in 2019, after the state’s Supreme Court clarified the “harm” criteria of the act in a landmark January decision.

A Daily Herald article by Ice Miller LLP Attorneys Reena Bajowala, Isaac Colunga and Martha Kohlstrand calls BIPA “a magnet for plaintiff’s attorneys” because of the stiff monetary compensation for violations.

“Companies that collect biometric data should immediately take steps to implement a BIPA compliance program,” the attorneys write.

A good compliance program ensures adherence to BIPA’s operational requirements, establishes a policy disclosing the purpose of the biometrics use, and obtains written release based on full disclosure.

BIPA cases roll on

Clothing retailer H&M is facing a potential class-action suit under BIPA for violating the requirements for its fingerprint biometric employee time and attendance system, The Fashion Law reports.

Former H&M employee Kenyetta Slater alleges that the system put employees at heightened risk of identity theft, and that it failed to meet its statutory requirements to create a publicly available written policy for employee data, and to obtain employee consent. Slater also alleges that the data was shared with a third party – the time and attendance system vendor.

H&M filed a motion to dismiss the complaint, claiming that it does acquire consent from employees, and that it does not store any biometric data itself.

Claims brought under BIPA are not disputes over wages and hours, and employees filing claims under the statute do not have to pursue them through arbitration, an Illinois appellate panel decided, according to Law360. The Four Seasons hotel chain had sought to have a class-action suit thrown out on grounds that its use of a biometric time and attendance system makes the dispute a “wage-and-hour” matter, and therefore subject to arbitration under a collective bargaining agreement. The appellate court ruled the complaint is a matter of privacy.

“In short, the act is a privacy rights law that applies inside and outside the workplace,” according to the panel decision. “Simply because an employer opts to use biometric data, like fingerprints, for timekeeping purposes does not transform a complaint into a wages or hours claim.”

Little Caesars, meanwhile, says a complainant in a proposed class action suit against it under BIPA consented multiple times to registering her fingerprint with the company, despite the compliant alleging that BIPA’s consent requirements were violated, Law360 reports.

Employee Nivea Lenoir filed the suit 13 days after going through a process that the company says includes opting in to the fingerprint biometric timekeeping system. The company also claims the suit is barred by exclusivity provisions in the Illinois Workers’ Compensation Act.

A suit brought against Shutterfly by a Florida resident has been dropped, meanwhile. MediaPost reports that a case brought in 2016 by Florida resident Alejandro Monroy, whose picture was allegedly uploaded to the service in Illinois and subsequently “tagged” with his name using biometrics, has been dropped without settlement.

Shutterfly had previously sought to have the case thrown out on the grounds that faceprints applied to photos do not qualify as biometrics captured from an individual. The reason the suit was dropped at this time is not publicly known.

Shutterfly did previously settle a separate BIPA suit in 2016.

Article Topics

biometric data  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  data protection  |  legislation  |  privacy