On January 25, 2019, a unanimous Illinois Supreme Court held that, under that state’s Biometric Information Privacy Act (BIPA), a person need not suffer actual injury or adverse effect in order to bring suit under the statute. In its decision in Rosenbach v. Six Flags Entertainment Corp., the Court determined that a minor child whose thumbprint was scanned as part of an amusement park’s season pass-holder program, allegedly without proper notice or consent, was an “aggrieved person” who could maintain a claim under BIPA.

BIPA imposes restrictions on how private entities collect, retain, disclose and destroy biometric identifiers, including fingerprints and other biometric information. An entity may not collect or otherwise obtain a person’s biometric identifier or information unless it: (1) informs the subject (or their legally authorized representative), in writing, that such information is being collected or stored; (2) informs the subject or their representative, in writing, of the specific purpose and length of term for which the biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject or authorized representative. BIPA—the country’s only biometric privacy law with a private right of action—allows any person “aggrieved” by a violation of its provisions to bring an action against an “offending party” and to recover, for each violation, liquidated damages of $1,000 or actual damages (if greater), reasonable attorneys’ fees and costs, and any other relief that the court deems appropriate.
Continue Reading Individuals Need Not Allege Actual Injury to Sue for Damages Under the Illinois Biometric Information Privacy Act

Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA). 

Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent.

According to the suit

Last week, on the two-year anniversary of the small Unmanned Aircraft Systems (UAS) rule (or Part 107), a report was released by the Association of Unmanned Vehicle Systems International (AUVSI) stating that the Federal Aviation Administration (FAA) has granted approximately 2,000 waivers since the inception of Part 107. Part 107 sets forth certain parameters and

Companies doing business in Illinois should consider getting up to speed on the Illinois Biometric Information Privacy Act (BIPA). We have reported on numerous (but not all) cases filed against technology companies and employers for alleged violations of BIPA [view related posts here]. The class action lawsuits continue to get filed at a rapid

In an effort to promote the development of new financial technology (fintech) products, Mick Mulvaney, Acting Director of the Consumer Financial Protection Bureau (CFPB), announced last week the creation of the Office of Innovation. Mulvaney said the new division, to be run by Paul Watkins under the umbrella of the CFPB, is designed to foster

In Belleville, Illinois, drones were used as part of a law enforcement investigation into a school threat this week. Both police and fire crews used their drones to monitor the school and to help determine whether there was a credible threat. Belleville Assistant Chief J.P. Penet said, “Our job was to operate in the air

Unfortunately, it was another busy data breach week. Here’s a summary of the major ones.

Delta Airlines admitted in a statement that the payment card data of several hundred thousand customers might have been compromised by malware between September 26 and October 12, 2017, through a third-party vendor ([24]7.ai that provides online chat services to

We have previously reported on Facebook’s fight against a proposed class action case alleging violation of the Illinois Biometric Information Privacy Act (BIPA). Facebook continues to fight the allegation that its collection and storage of users’ and non-users’ facial scans through the use of facial recognition technology violates BIPA, and has filed a Motion to

Last week, TOPS Software LLC (TOPS), a software company that specializes in condominium and homeowners association communication platforms, was served with a class action in Illinois federal court which alleges that TOPS violated the Telephone Consumer Protection Act (TCPA) by using auto dialer technology to solicit consumers to attend the “CAMfire conference.” The CAMfire Conference

On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located