Biometric fingerprinting technology has grown by leaps in bounds in recent years, allowing us to unlock our phones, start our cars, and digitally sign sensitive documents. But convenience is only one aspect of major technological advancements. The exploitation of people’s security and privacy is often serious threat. And while many states are in a constant legislative arms race to keep up with evolving technology, sooner or later the law catches up. This is the case in Illinois, where fast food chain Wendy’s and a major plastics manufacturer are facing separate biometric fingerprinting lawsuits.
Both complaints, which were filed separately in Cook County Circuit Court, accuse Wendy’s and Amcor Ltd. of violating Illinois’ Biometric Information Privacy Act by making employees clock in and out of work with their fingerprints.
The complaints allege that new hires are required to scan their fingerprints into a digital database, which stores their information indefinitely, even if employees leave the company. Storing this type of sensitive information on a central database leaves current and former employees vulnerable to a malicious cyberattack. Per the Wendy’s complaint:
Unlike key fobs or identification cards – which can be changed or replaced if stolen or compromised – fingerprints are unique, permanent biometric identifiers associated with the employee. This exposes employees to serious and irreversible privacy risks. For example, if a fingerprint database is hacked, breached, or otherwise exposed, employees have no means by which to prevent identity theft and unauthorized tracking.
These concerns are certainly well-founded. Major retailers, banks, healthcare providers, and financial institutions have had their systems compromised by hackers, exposing the sensitive information of literally billions of customers. The prospect of having something as personally identifying as a fingerprint database fall into the wrong hands is a dangerous and terrifying prospect.
What is the Illinois Biometric Information Privacy Act?
Enacted in 2008, the Illinois Biometric Information Privacy Act (BIPA) created legal guidelines for how employers in Illinois collect, store, and secure employee biometric information, including retinal scans, fingerprints, voice and facial recognition, and other “biometric identifiers.”
BIPA does not prohibit the collection or use of biometric data, but requires employers to notify and obtain written consent from employees when their biometric information is being collected. BIPA also requires that employees are given information on how their biometrics will be used, the length of time that data will be retained, and what measures are in place to secure the data.
Under BIPA, employees can sue for statutory damages through class actions for up to $5,000 for each violation.
It will be interesting to see how these biometric fingerprinting lawsuits play out, and how they shape future legislation in other states.
Wexler Wallace takes cases of employee rights and violations of privacy seriously. If you have been harmed by illegal business practices, contact us today.
0 Comments