Biometrics lawsuits are heating up, with plaintiffs filing actions against employers who are replacing older time and attendance systems with technology that relies on fingerprints, face scans or other individually unique biometric identification data.

The suits, which join other actions against companies that collect and sell biometric data to third parties, have all been brought under Illinois’ Biometric Information Protection Act (BIPA).

That means that any company with operations in Illinois needs to immediately assess the risks of legal liability, but other states are considering similar statutes and many are on track for legislative action in 2020.

Informed consent

The Illinois law requires anyone who collects biometric information in Illinois
or of Illinois residents anywhere else, to inform customers in writing how that
information will be used, stored, and destroyed. And the law requires that
anyone collecting the data get affirmative assent from individuals involved.

Suits filed to date include one filed against fitness chain operator Capital Fitness and its subsidiary Executive Affiliates. The suit, filed with the Circuit Court of Cook County, alleges that Executive Affiliates collected employees’ fingerprints to track time and attendance, but failed to follow BIPA’s policy disclosure requirements.

In another case, filed in January, employees of the PersonalizationMall.com, an online retailer owned by Bed Bath & Beyond, assert that the company unlawfully collects and stores workers’ biometric information by requiring employees to provide their fingerprints to track hours and breaks on the job.

The workers say they still don’t know whether the PersonalizationMall.com has destroyed or still retains their biometric information or the information it continues to collect.

No way to repair damage

Plaintiffs in these and other cases claim the exposure of biometric information is particularly damaging because it cannot be changed if it is ever exposed in a data breach.

People can open new bank accounts, change passwords, or order a new credit card. But once a face scan or fingerprint is exposed, it is effectively impossible to change them to protect against identity theft and other forms of fraud.

Significant potential liability

While case law around biometrics is still evolving, the U.S. Supreme Court decision not to review Facebook’s biometric privacy class action throws a spotlight on the scale of employers’ potential liability under BIPA.

The law allows plaintiffs to seek up to $1,000 for each negligent violation
of the law and $5,000 for each knowing violation.

The post More biometric lawsuits against employers getting into court appeared first on HR Morning.

Resources
Post Your Resume to 65+ Job Sites
Resume Service

Post to Twitter Tweet This Post