On Friday, January 25, 2019, the Illinois Supreme Court issued an opinion that should prompt companies to immediately assess their practices and policies regarding the collection, possession, use, storage, and destruction of biometric data. These practices are governed by an Illinois statute called the Biometric Information Privacy Act (BIPA).
As reported in our recent article, companies may choose to collect biometric data, such as employee fingerprints, to achieve workplace efficiencies, including more accurate timekeeping, fraud prevention, and onsite security. Companies may also collect the biometric data of their customers for a variety of business reasons. Under BIPA, a "biometric identifier" means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. "Biometric information" means information based on an individual's biometric identifier (regardless of how it is captured, converted, stored, or shared).
The Illinois Supreme Court confirmed that plaintiffs may maintain lawsuits for technical violations of BIPA, even if they have not suffered harm or actual damages. This ruling will most certainly invite a flood of new litigation, on top of the numerous BIPA cases that are currently pending.