Business group pitches BIPA reform while flow of new cases continues
A business advocacy group is calling for a landmark biometric privacy law in the United States to be amended to limit potentially ruinous lawsuit payouts.
As the call was made came word of a two new, fairly typical, potential class actions. One was filed by a cook against his employer, a Wendy’s fast-food chain in suburban Chicago and the other accuses an employee-services software firm.
The state of Illinois’ Biometric Information Privacy Act, passed in 2008, requires non-government organizations to get the consent of people before collecting their biometric data and to publicize how that data is managed.
Because firms can be sued for each collection and residents have the right to sue under the law, awards can be huge. Facebook settled a case for $725 million. BNSF Railway lost and was to pay $228 million before being able to cut that number in a settlement.
Citizens Against Lawsuit Abuse wants the state’s legislators to change BIPA so that fines can only be levied for an initial infraction. Despite its grassroots-sounding name, CALAs in a number of states and regions typically take up the causes arising from lawsuits faced by big businesses.
For its part, the Illinois CALA implies that something is wrong with how BIPA cases make it to court. It alleges that most of the lawsuits in one collar county of Chicago are handed by just four law firms.
The companies facing the biggest or sometimes potentially ruinous fines under BIPA have been tech giants and, far more often, regional employees who have used biometrics as part of their employees’ timeclock process.
There is no indication that lawmakers will change BIPA with proponents saying that the risk of a person’s biometric identifier leaking is proportional to awards. And absent regulation, more-unscrupulous businesses could sell the data, increasing the risk and profiting from a person’s unreplaceable and most personal information.
The class action filed against Wendy’s is a boilerplate affair, with an employee saying he was required to use biometric identifiers to clock in and out every day. He was not asked for consent and has not been informed about how his data will be managed, according to the court news publication the Cook County Record.
And last, Paylocity, maker of employee time-tracking software and a biometric timeclock, has been sued in a putative class action under BIPA.
According to the Record, biometric identifiers were collected without consent and stored in the cloud. It does not look good for Paylocity. The Record notes that at least three of its major competitor have lost BIPA cases. One of the settlements was $25 million.
Article Topics
biometric data | Biometric Information Privacy Act (BIPA) | biometrics | data protection | lawsuits | time and attendance
Comments