What’s the damage as Illinois’ BIPA legal parade grinds on?
A flailing attempt in Illinois to protect businesses from fines related to that state’s biometric privacy law evaporated last week and the other shoe — a damages cap — hangs heavily in the air.
Employers found to have violated the Biometric Information Privacy Act when they collected the biometric data of employees when they, for instance, clocked in and out, could pay either $1,000 or $5,000 in damages per violation, according to reporting by Law360 (paywall).
On 3 February, the Illinois Supreme Court unanimously agreed employers could not hide behind workers’ compensation law to minimize their exposure to the act.
Now, the justices will look at possible caps on damages. Businesses of all sizes — in Illinois or just doing business in the state — are watching. Some small businesses with biometric workplace ID systems (likely a small percentage, depending on how that category is defined) could theoretically be ruined. Large companies could feel pain as well.
According to the Law360 article, the court found that penalties could very well be calamitous, but that is what lawmakers intended, assigning a heavy value on individuals’ biometric data. It was meant to be a wake-up call to companies misusing, mismanaging or being cavalier with the information.
Unless the justices come back reducing fines to a nominal level, which is considered unlikely, the next obvious avenue would be to have the act rewritten to give employers coverage and devaluing privacy rights.