The use of biometric data has become pervasive, commonplace, and socially acceptable. In most jurisdictions, few legal hurdles exist to implementing biometric technology, but Illinois has passed the strongest biometric privacy law in the United States—the Illinois Biometric Information Privacy Act (“BIPA”). In adopting BIPA, the Illinois legislature recognized unforeseeable uses and abuses of biometric data and understood that biometric data must be fiercely protected because unlike other personal information, biometric data cannot be changed when compromised. Most importantly, BIPA includes a private right of action.

Although BIPA has existed for over a decade, its significance increases as the use of biometric technology spreads. Today, biometric technologies are booming; they are becoming more accessible, cost-efficient, and effective. This exciting time for technological advancement coincides with heightened legal risk. In 2018, the Illinois Supreme Court held in Rosenbach v. Six Flags Entertainment Corp., et. al. that technical and procedural violations of BIPA are sufficient to establish statutory standing to sue, regardless of actual harm. This ruling, which essentially allows no-injury class actions, has emboldened plaintiffs (and the plaintiffs’ bar) to file more BIPA lawsuits than ever before. Accordingly, the number of class action complaints will rapidly increase in the coming years.

Biometric technology may sound somewhat futuristic, but it is gaining traction in many applications.  Several examples of biometric technology being implemented include

  • Businesses using fingerprints and other biometric data to manage security access and convenience;
  • Employers using fingerprints and other biometric data as timeclocks to track hours worked;
  • Amusement parks and gyms using fingerprints to identify persons with season passes/memberships;
  • Online social media platforms using face recognition and face geometry to “tag” photos;
  • Security teams using biometric information to identify known security risks at live events; and
  • Retail establishments using biometric data to identify banned customers who enter stores.

Hahn Loeser’s Biometric Privacy Practice Group provides three primary areas of service to its clients.

  • BIPA Client Counseling & Compliance
  • BIPA Class Action Defense
  • BIPA Insurance