Kronos agrees to settle biometric data privacy lawsuit for $15M
Kronos was sued under Illinois’ Biometric Information Privacy Act in State Court in 2019 for allegedly failing to fulfil the company’s written consent and notification responsibilities when collecting employee biometrics. The company argued it is the employer’s responsibility, not the software provider’s, and noting those very employers were being sued in an attempt to collect twice for the same claim.
Eventually in federal court, a judge referred to BIPA’s language that all companies that “capture, purchase, receive through trade, or otherwise obtain” biometric data, therefore including Kronos, are governed by BIPA.
The parties entered mediation in August, 2021.
Each plaintiff is expected to receive between $290 and $580, depending on the number of claims submitted.
The settlement will become final if it is approved by a judge, which is not a foregone conclusion in BIPA cases.
Kronos has also settled biometric data privacy violation allegations previously for $1.55 million, and the Record notes that other biometric time and attendance providers have paid $25 million (ADP), $14 million (Novatime), $3.4 million (Paychex), and $600,000 (Timeclock Plus).
Meanwhile the company is facing a series of lawsuits related to its December ransomware incident, Threatpost writes. Core services were only restored on January 22, 2022, more than a month after the attack.