This blog post was cross-posted from Seyfarth’s Consumer Class Defense site.

In a significant legislative development, the Illinois House of Representatives has overwhelmingly approved Senate Bill 2979, with a vote of 81 to 30, which amends the Illinois Biometric Information Privacy Act (BIPA) to limit damages to one violation per individual, rather than

Seyfarth Synopsis: Both Portland and New York City have followed the example set by Illinois’ Biometric Information Privacy Act (“BIPA”), a statute that has spawned thousands of cookie-cutter class action suits regarding the alleged collection of biometric information. Like BIPA, these new ordinances create a private right of action for individuals that could subject local businesses to potentially millions of dollars in liability. Businesses in these cities should carefully review these new ordinances as well as any technology they be using that has the potential to collect biometric information.
Continue Reading Portland, OR and New York City Follow Illinois’ Lead on Private Rights of Action in Biometric Privacy Legislation

Cross-posted from Employment Law Lookout.

Seyfarth Synopsis:  A string of recent class action lawsuits regarding businesses’ use of employees’ biometric data should put employers on heightened alert regarding compliance with various state biometric privacy laws.

As biometric technology has become more advanced and affordable, more employers have begun implementing procedures and systems that rely on employees’ biometric data. “Biometrics” are measurements of individual biological patterns or characteristics such as fingerprints, voiceprints, and eye scans that can be used to quickly and easily identify employees.  However, unlike social security numbers or other personal identifiers, biometrics are biologically unique and, generally speaking, immutable.  Thus, unlike a bank account or a social security number, which can be changed if it is stolen, biometric data, when compromised, cannot be changed or replaced, leaving an affected individual without recourse and at a heightened risk for identity theft.  Given the serious repercussions of compromised biometric data, a number of states have proposed or passed laws regulating the collection and storage of biometric data.  And plaintiffs’ attorneys are taking notice, as the number of class action lawsuits in this area has surged in recent months.

Currently, there are three states that have statutes regulating the collection and storage of biometric data: Illinois, Texas, and Washington.  In 2008, Illinois passed the Biometric Information Privacy Act (“BIPA”).  Texas followed suit in 2009, and Washington passed its biometric privacy law in 2017.
Continue Reading Hazards Ahead: Uptick in Biometric Privacy Laws Can Put Employers in Hot Seat