Certain States Have Passed, Expanded or Proposed Legislation To Regulate The Collection, Use, And Dissemination Of Biometric Information, But Only Illinois Provides A Private Right Of Action To Recover Damages For Biometric Privacy Violations
The Illinois Biometric Information Privacy Act (“BIPA”) protects biometric identifiers, otherwise known as biometrics or biometric information. BIPA defines biometric identifier as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.”
According to BIPA:
The use of biometrics is growing in the business and security screening sectors and appears to promise streamlined financial transactions and security screenings.
. . .
Biometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”
An overwhelming majority of members of the public are weary of the use of biometrics when such information is tied to finances and other personal information.
BIPA prohibits a private entity from collecting, capturing, purchasing, receiving through trade, or otherwise obtaining a person’s or a customer’s biometric identifier or biometric information, unless the private entity (1) informs the subject or the subject’s legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored; (2) informs the subject or the subject’s legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject of the biometric identifier or biometric information or the subject’s legally authorized representative.
BIPA also prohibits a private entity which possesses a biometric identifier or biometric information from disclosing, redisclosing, or otherwise disseminating a person’s or a customer’s biometric identifier or biometric information unless (1) the subject of the biometric identifier or biometric information or the subject’s legally authorized representative consents to the disclosure or redisclosure; (2) the disclosure or redisclosure completes a financial transaction requested or authorized by the subject of the biometric identifier or the biometric information or the subject’s legally authorized representative; (3) the disclosure or redisclosure is required by State or federal law or municipal ordinance; or (4) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
BIPA also mandates that a private entity that possesses a biometric identifier or biometric information shall:
(1) store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity’s industry; and (2) store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information.
Do You Believe Your Biometric Information May Have Been Illegally Collected, Stored, Used, Disclosed, Transmitted Or Disseminated?
Illinois’ Biometric Information Privacy Act provides a private right of action in an Illinois state circuit court, or as a supplemental claim in federal district court, against an offending party. Among other relief, BIPA provides for liquidated damages of $1,000 or actual damages, whichever is greater, against a private entity that negligently violates a provision of BIPA, as well as liquidated damages of $5,000 or actual damages, whichever is greater, against a private entity that intentionally or recklessly violates a provision of BIPA.
If you believe your biometric data has been illegally collected, stored, used, disclosed, transmitted or disseminated, please contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], [email protected], to discuss potential legal claims.
Source of BIPA-related information: ILGA.gov, 740 ILCS 14/1, et seq., accessed 06.01.2020; all emphasis added.