The Illinois Biometric Information Privacy Act (BIPA) was enacted in 2008 to regulate the collection and storage of biometric information by private entities. The Aact covers retina or iris scans, fingerprints, voiceprints, and scans of hand or facial geometry. In the employment context, it requires an employer using biometric information, such as fingerprint scans to clock in and out, or to access secure areas, or to log in to point-of-sale systems, to have a written policy in place, and to obtain a written release from employees for the collection and use of this information as a condition of employment.
Although both Texas and Washington enacted similar laws in 2009 and 2017, respectively, Illinois is the only jurisdiction whose act provides for a private right of action. BIPA further provides for a $1,000 penalty for each negligent violation, a $5,000 penalty for each willful or reckless violation, and the recovery of attorney’s fees and other litigation expenses. As a result, the potential exposure for alleged violations of BIPA can become very high, very quickly. This is especially true for employers, where it is relatively easy to determine whether the employer has complied with BIPA’s requirement to have a written policy and obtain written releases from its employees.