Biometric

Subscribe to Biometric via RSS

On January 25, 2019, a unanimous Illinois Supreme Court held that, under that state’s Biometric Information Privacy Act (BIPA), a person need not suffer actual injury or adverse effect in order to bring suit under the statute. In its decision in Rosenbach v. Six Flags Entertainment Corp., the Court determined that a minor child whose thumbprint was scanned as part of an amusement park’s season pass-holder program, allegedly without proper notice or consent, was an “aggrieved person” who could maintain a claim under BIPA.

BIPA imposes restrictions on how private entities collect, retain, disclose and destroy biometric identifiers, including fingerprints and other biometric information. An entity may not collect or otherwise obtain a person’s biometric identifier or information unless it: (1) informs the subject (or their legally authorized representative), in writing, that such information is being collected or stored; (2) informs the subject or their representative, in writing, of the specific purpose and length of term for which the biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject or authorized representative. BIPA—the country’s only biometric privacy law with a private right of action—allows any person “aggrieved” by a violation of its provisions to bring an action against an “offending party” and to recover, for each violation, liquidated damages of $1,000 or actual damages (if greater), reasonable attorneys’ fees and costs, and any other relief that the court deems appropriate.
Continue Reading Individuals Need Not Allege Actual Injury to Sue for Damages Under the Illinois Biometric Information Privacy Act

A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional.

The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order

Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA). 

Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent.

According to the suit

Oregon Governor Kate Brown recently signed a new data breach reporting law (S. 1551) that toughens the state’s existing requirements.

The new law requires companies to notify individuals within 45 days after a data breach has been discovered, unless a delay in notification is requested by law enforcement. It expands the definition of personal information

We have previously reported on Facebook’s fight against a proposed class action case alleging violation of the Illinois Biometric Information Privacy Act (BIPA). Facebook continues to fight the allegation that its collection and storage of users’ and non-users’ facial scans through the use of facial recognition technology violates BIPA, and has filed a Motion to

Hyatt Corp. was hit with a class action suit this week for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing employees’ fingerprints. This is the latest in a string of suits over the same complaint—employers using employees’ fingerprints for time clock systems without their written consent.

The named plaintiff alleges

With open enrollment in full swing for many employers, now is a good time to review employee benefit communications. Plan sponsors of health plans are generally responsible for properly administering all of the health plan notices required by law, including HIPAA. To ease the administrative burden and to cut costs, these notices can, and often

We have been following biometric cases in Illinois, including the case against Shutterfly [view related posts]. Late last week, an Illinois federal judge denied Shutterfly’s motion to dismiss the case against Shutterfly alleging that it violates the Illinois Biometric Information Privacy Act when collecting and storing face geometry scans through facial recognition software.

In

Forty-eight states have enacted data breach notification laws, and they frequently are amended and updated. The most recent state to update its law is Delaware.

A significant change in the new law is that Delaware residents who are affected by a data breach of their personal information must be offered 12 months of free credit