BIPA’s Statute Of Limitation And Claims Accrual – Two Anticipated Decisions In State And Federal Courts

SmithAmundsen LLC

SmithAmundsen LLC

For the past several years, we have periodically reported regarding the proliferation of class actions and other litigation under the Illinois Biometric Information Privacy Act (BIPA).

Under BIPA, entities may not “collect, capture, purchase, receive through trade or otherwise obtain” or store a person’s biometric information without informing an individual in writing about the collection or storage of said information. Entities collecting biometric information must also specify the purpose for its collection and storage and how long it will be kept. Finally, entities must obtain a written release signed by the individual whose information has been collected.

While it has been approximately 13 years since BIPA was enacted, there are still a number of issues being litigated. One thing is certain: BIPA packs a punch with eye-popping statutory damages and monetary awards that can lead to anywhere from $1,000 to $5,000 per violation plus attorneys’ fees. Moreover, considering that an alleged violation is enough to bring a suit, BIPA is a class action dream – bearing in mind that if an employer is collecting biometric data on one individual, it is likely collecting it on many individuals.

Two critical questions will soon be addressed. First, at the Illinois appellate level, clarification is expected on the applicable statute of limitations. While a federal court in the Southern District of Illinois seemed prepared to accept a five-year statute of limitations as controlling, that court acknowledged that BIPA precedent was still “developing.” Indeed, two pending cases, namely Tims v. Black Horse Carriers, Inc. and Marion v. Ring Container Techs, will likely decide “whether BIPA claims are potentially subject to a one-, two-, or five-year statute of limitations.”

Secondly, the Seventh Circuit is expected to rule on the issue of whether or not claims accrue with each scan as opposed to only the first collection of biometric information.  In Cothron v. White Castle, the district court found that each biometric scan was a “discrete, individual act and not an accumulated course of conduct” and not a “continuing violation.” The court fully acknowledged that such interpretation might lead to large damages. However, citing Illinois precedent, the court added that where the statutory language is clear, it must be given effect even though the consequences may be “harsh, unjust, or unwise.”

In light of these risks and ongoing filings, employers must remain vigilant and ensure compliance with BIPA requirements by:

  • Analyzing the type of biometric information being collected
  • Evaluating what BIPA compliant disclosures are in place
  • Ensuring that a BIPA policy is in effect and properly applied
  • Staying alert and on top of court decisions and pending regulations

For our part, we will monitor the status of the Tims, Marion and Cothron cases and ongoing BIPA litigation and will continue to provide updates as developments arise.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© SmithAmundsen LLC | Attorney Advertising

Written by:

SmithAmundsen LLC

SmithAmundsen LLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.