Illinois Supreme Court Opens Door to Enormous Damages Awards for Violation of Biometric Privacy Law

Peter Donati
Levenfeld Pearlstein, LLC
Contact
LinkedIn
Facebook
X
Send
Embed

Illinois employers that use biometric timeclocks (such as finger, face, hand, or retina scan timeclocks or entry devices) or collect other biometric information should take action immediately to confirm they are in compliance with Illinois’s Biometric Privacy Act (BIPA). Although BIPA has been in effect in Illinois since 2008, its requirements continue to catch businesses off guard – most recently with the Illinois Supreme Court’s decision in Cothron v. White Castle, issued on February 17, 2023.

The case centered on White Castle’s use of fingerprint scans when employees logged onto their computers. White Castle argued that a BIPA violation only occurred the first time the law was violated by collecting employee biometric information. The plaintiff, on the other hand, argued that a separate violation occurred each time she and fellow employees logged onto their computers with their fingerprint scans. The Illinois Supreme Court agreed with the plaintiff.

For employers using biometric timeclocks, this means that it is a separate violation—and potentially a separate penalty—for each time an employee clocks in and clocks out. With penalties of $1,000 for negligent violations and $5,000 for intentional or reckless violations, liability for companies could be astronomical. As penalties compound, even small employers could face seven-figure damages awards if they have used a biometric timeclock for a number of years.

In White Castle, the Court found that the company had repeatedly scanned fingerprints of nearly 9,500 employees. With each instance deemed a separate violation, the company estimates the penalties could be as much as $17 billion. The Court rejected the company’s argument that assessment of penalties for each scan would be “annihilative liability” for employers, noting that damages are not mandatory under the language of the statute and that lower courts will still have the discretion to fashion remedies that do not bankrupt defendants. The Court also suggested that it is up to the Illinois legislature to reform the statute if it intended a different outcome. However, these aspects of the ruling may be of limited comfort for employers seeking to negotiate settlements with plaintiffs’ attorneys armed with this decision.

The White Castle decision follows another major BIPA decision, in which the Illinois Supreme Court held in Tims v. Black Horse Carriers Inc. that the statute of limitations for BIPA claims is five years, rejecting the one-year limitations period advocated by the defendant.

These decisions will have significant implications for Illinois employers that use biometric information. If your company uses – or previously used – biometric information (such as finger, face, hand, or retina scan timeclocks or entry devices), it’s critical that you confirm that you are complying with BIPA’s requirements.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Levenfeld Pearlstein, LLC | Attorney Advertising

Written by:

Levenfeld Pearlstein, LLC
Levenfeld Pearlstein, LLC
Contact
more
less

Levenfeld Pearlstein, LLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide