We only have one unique face, two irises and ten fingerprints. We can’t change our biometrics like we can a credit card number. Yet many companies are collecting and using their employees’ and our biometric information for convenience without thinking about the potential consequences.

I recently went into a high-end retailer and the sales clerk

Last week, we wrote that Quest Diagnostics reported in a security filing that a collection agency performing collections for the company had suffered an intrusion that exposed almost 12 million individuals’ personal and financial information [view related post]. Another lab company reported days later that it was notified that the information of 8 million

The North American Securities Administrators Association (NASAA) this week approved an information security model rule package aimed at improving the cybersecurity posture of the 17,543 state-registered advisers.

The proposed model would require state-registered investment advisers to establish written cybersecurity policies and procedures designed to safeguard clients’ records and information, and to deliver its privacy policy

On January 25, 2019, a unanimous Illinois Supreme Court held that, under that state’s Biometric Information Privacy Act (BIPA), a person need not suffer actual injury or adverse effect in order to bring suit under the statute. In its decision in Rosenbach v. Six Flags Entertainment Corp., the Court determined that a minor child whose thumbprint was scanned as part of an amusement park’s season pass-holder program, allegedly without proper notice or consent, was an “aggrieved person” who could maintain a claim under BIPA.

BIPA imposes restrictions on how private entities collect, retain, disclose and destroy biometric identifiers, including fingerprints and other biometric information. An entity may not collect or otherwise obtain a person’s biometric identifier or information unless it: (1) informs the subject (or their legally authorized representative), in writing, that such information is being collected or stored; (2) informs the subject or their representative, in writing, of the specific purpose and length of term for which the biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject or authorized representative. BIPA—the country’s only biometric privacy law with a private right of action—allows any person “aggrieved” by a violation of its provisions to bring an action against an “offending party” and to recover, for each violation, liquidated damages of $1,000 or actual damages (if greater), reasonable attorneys’ fees and costs, and any other relief that the court deems appropriate.
Continue Reading Individuals Need Not Allege Actual Injury to Sue for Damages Under the Illinois Biometric Information Privacy Act

Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA). 

Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent.

According to the suit

Last week, on the two-year anniversary of the small Unmanned Aircraft Systems (UAS) rule (or Part 107), a report was released by the Association of Unmanned Vehicle Systems International (AUVSI) stating that the Federal Aviation Administration (FAA) has granted approximately 2,000 waivers since the inception of Part 107. Part 107 sets forth certain parameters and

Companies doing business in Illinois should consider getting up to speed on the Illinois Biometric Information Privacy Act (BIPA). We have reported on numerous (but not all) cases filed against technology companies and employers for alleged violations of BIPA [view related posts here]. The class action lawsuits continue to get filed at a rapid

In an effort to promote the development of new financial technology (fintech) products, Mick Mulvaney, Acting Director of the Consumer Financial Protection Bureau (CFPB), announced last week the creation of the Office of Innovation. Mulvaney said the new division, to be run by Paul Watkins under the umbrella of the CFPB, is designed to foster

In Belleville, Illinois, drones were used as part of a law enforcement investigation into a school threat this week. Both police and fire crews used their drones to monitor the school and to help determine whether there was a credible threat. Belleville Assistant Chief J.P. Penet said, “Our job was to operate in the air