ID.me finds itself accused of biometric data privacy violation

The state of Illinois’ biometric privacy law this week spawned another proposed class action. The plaintiff, a former health care worker, is suing identification verifier ID.me in the circuit court of Cook County and not her former employer, which hired the vendor.

Latisha Skinner is a former health care worker at Ann & Robert H. Lurie Children’s Hospital, according to trade publisher Law360.

Skinner claims that she was required in January 2020 by her employer to use an ID.me enrollment application that demanded either a face or voice print for future ID verification by the hospital.

According to Skinner’s suit, she created and uploaded a picture for use as a face print.

At that time, ID.me’s policies called for data deletion 7.5 years after an ID.me account was closed, while Illinois’ Biometric Information Privacy Act mandated destruction after three years.

The vendor subsequently revised its retention and deletion rules to reflect its clients’ needs up to three years unless it is required to do otherwise by the government, according to Law360. A spokesperson for the vendor told the publication that the case is without merit.

Skinner’s lawsuit wants the maximum damages of $1,000 for each BIPA violation.

The highest-profile cases filed under the act to date have pursued the businesses that have used face and fingerprint biometric ID verification systems. Google, as with so many things, is an exception.

ID.me is already tied up in a number of ID verification-related headaches.

The U.S. Senate wants the Federal Trade Commission to investigate the company because it allegedly mislead the government about its service.

And it is still reeling from backlash involving its contract with the Internal Revenue Service. Taxpayers came under the impression that they had to submit a face scan to collect tax refunds. That is not what happened but public perception of ID.me was heavily influenced by the resulting furor.

Article Topics

biometric data  |  biometrics  |  BIPA  |  data protection  |  data storage  |  face biometrics  |  ID.me  |  identity verification  |  lawsuits