Class Action Filed Against Housekeeping Company Under Illinois Biometric Privacy Act

King & Spalding

 A proposed class action lawsuit filed in Illinois against Xanitos Inc., a Pennsylvania-based hospital housekeeping company, alleges that its employee timekeeping system violates the Biometric Information Privacy Act (“BIPA”), an Illinois state law. 

Passed in 2008, BIPA defines biometric information as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry” and sets standards for private entities that possess or store such information.  Companies must (i) obtain consent from the individual if biometric information will be collected; (ii) securely store biometric information; and (iii) destroy the information in a timely manner.  BIPA allows individuals to file a lawsuit for violations with damages allowed at $1,000 per violation or $5,000 for each reckless or intentional violation.

The Illinois lawsuit claims that Xanitos requires employees to utilize fingerprint scanning for timekeeping at the beginning and end of each shift.  The case filings further allege that Xanitos did not provide employees with notice or obtain written consent authorizing the collection of biometric information, nor was a retention schedule disclosed.  In addition to attorneys’ fees and costs, the plaintiff is seeking $1,000 per violation for each proposed class member, which includes any Illinois resident who had biometric information obtained by Xanitos.

A bill to amend BIPA, SB 3053, is pending before the Illinois General Assembly and proposes to offer exemptions for private entities if:

“(i) the biometric information is used exclusively for employment, human resources, fraud prevention, or security purposes; (ii) the private entity does not sell, lease, trade, or similarly profit from the biometric identifier or biometric information collected; or (iii) the private entity stores, transmits, and protects the biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information.”

Since BIPA’s passage a decade ago, only Washington and Texas have passed similar laws.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.