Marc C. Lombardi of Shipman & Goodman writes:
As employers explore new ways to store and process biometric employee information, a new decision by the Illinois Supreme Court should cause them to exercise extreme caution when doing so.
The case, Cothron v. White Castle, relates to a federal class action law suit raising issues under the Illinois Biometric Information Privacy Act (“BIPA”). Among other things, BIPA requires any private entity that uses, collects or retains biometric information to provide the individual with a specific form of notice about the collection and use of their biometric information, and obtain their written acknowledgement and consent before collecting or using it.
Latrina Cothron, the plaintiff, sued her employer, White Castle, accusing White Castle of violating BIPA by requiring employees to scan their fingerprint in order to access pay stubs, and then disclosing the fingerprint images to an external vendor responsible for managing the fingerprint scanning system.
The plaintiff argued that each time her fingerprint was scanned or transmitted without her consent, a separate BIPA violation occurred – subject to separate statutory penalties between $1,000 and $5,000 each.
White Castle argued there should be only one statutory penalty per person, regardless of how many times that person’s biometric information was scanned or transmitted.
The federal court asked the Illinois Supreme Court to resolve the question of whether BIPA claims accrue each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party, respectively, or only upon the first scan and first transmission.
Read more at Shipman & Goodman.