Lindsey Tonsager, Libbie Canter, and Priya Leeds of Covington and Burling write:
Yesterday, both houses of Illinois’ legislature passed S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA). The bill states that an entity that, in more than one instance, obtains the same biometric identifier or biometric information from the same person using the same method of collection, in violation of BIPA’s notice and consent requirement has committed a single violation. As a result, each aggrieved person is entitled to, at most, one recovery for a single collective violation.
For instance, an employer who requires employees to use a biometric timekeeping system without providing the requisite notice and obtaining consent would, under the amended law, be liable only for one violation of BIPA, rather than one violation for each day the employer had used the timekeeping system. This is significant because the law imposes a penalty of $1000 per violation, or $5,000 per intention or reckless violation. Due to this amendment, plaintiffs’ incentive to file suit under BIPA may decrease.
Read more at Inside Privacy.