PogoWasRight.org

Menu
  • About
  • Privacy
Menu

As White Castle Faces $17 Billion Fine For Privacy Violations, Other Employers Should Beware

Posted on February 23, 2023June 24, 2025 by Dissent

Marc C. Lombardi of Shipman & Goodman writes:

As employers explore new ways to store and process biometric employee information, a new decision by the Illinois Supreme Court should cause them to exercise extreme caution when doing so.

The case, Cothron v. White Castle, relates to a federal class action law suit raising issues under the Illinois Biometric Information Privacy Act (“BIPA”). Among other things, BIPA requires any private entity that uses, collects or retains biometric information to provide the individual with a specific form of notice about the collection and use of their biometric information, and obtain their written acknowledgement and consent before collecting or using it.

Latrina Cothron, the plaintiff, sued her employer, White Castle, accusing White Castle of violating BIPA by requiring employees to scan their fingerprint in order to access pay stubs, and then disclosing the fingerprint images to an external vendor responsible for managing the fingerprint scanning system.

The plaintiff argued that each time her fingerprint was scanned or transmitted without her consent, a separate BIPA violation occurred – subject to separate statutory penalties between $1,000 and $5,000 each.

White Castle argued there should be only one statutory penalty per person, regardless of how many times that person’s biometric information was scanned or transmitted.

The federal court asked the Illinois Supreme Court to resolve the question of whether BIPA claims accrue each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party, respectively, or only upon the first scan and first transmission.

Read more at Shipman & Goodman.

No related posts.

Category: BreachesBusinessCourtFeatured NewsLawsU.S.Workplace

Post navigation

← Italian Garante Fines Three Hospitals Over Their Use of AI for Risk Stratification Purposes, Establishes That Predictive Medicine Processing Requires the Patient’s Explicit Consent
Ford’s Request of Employee Family Medical Histories Violates Illinois Law, Class Action Alleges →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals

RSS Recent Posts on DataBreaches.net

  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app
  • Au: Qantas hackers gave airline 72-hour deadline
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy