Skip to Content
Logo
Menu
  • About Our Firm
  • Practice Areas
  • Our People
  • Learning Library
  • Corporate Transparency Act
  • Contact
  • Make A Payment

Employee Privacy Rights on the Ascendancy in Illinois

Employee Privacy Rights on the Ascendancy in Illinois

February 8, 2019

The Illinois Supreme Court’s recent decision in Rosenbach v. Six Flags Entertainment Corp. holds two lessons for Illinois employers. First, Illinois employers must scrupulously comply with the Illinois Biometric Information Privacy Act (“Act”). No quarter will be given by class action attorneys if Illinois employers do not strictly comply with the Act. Second, Illinois employers must take the digital privacy rights of their employees seriously. Employers must do everything in their power to prevent data theft and identity theft that might otherwise hurt their employees.

1. Illinois’ Biometric Privacy Act and the Holding in Rosenbach

Since 2008, the Act in Illinois imposes numerous restrictions on employers as to how they collect, retain, disclose and destroy biometric data. Common biometric identifiers are retina or iris scans, fingerprints, voiceprints, scans of hand or face geometry, or biometric information. As we discussed in a prior article on the Act, many employers use biometric data in connection with their timekeeping devices for their non-exempt employees.

In Rosenbach, the Illinois Supreme Court was asked to interpret the Act for the first time and asked to determine whether a mere “technical violation” under the Act will entitle an individual to recover damages under the Act. The Rosenbach decision was not close. The Court held without dissent that mere “technical violations” under the Act are actionable. The Court’s decision was based on a plain reading of the statute, a historical definition of what it means to be an “aggrieved” party, and the Illinois Assembly’s stated risks of the use of biometric information.

2. How Should Employers Handle Biometric Information Going Forward

In 2016 we identified the risks associated with the use of biometric information and recommended, perhaps naively, that employers not use it at all until the Illinois legislature changed the Act. The Illinois legislature is not going to change the Act any time soon and Governor Pritzker probably would not agree to such a change in any event. (Wednesday Evening Word No. 28).

Since biometric information is not going away, Illinois employers must educated themselves on the fine points of the Act Employers must ensure that: (1) they properly inform their employees in writing of the biometric information they are collecting capturing or storing; (2) inform employees of the specific purpose for the collection of biometric data and how long the employer is keeping the data; and (3) obtain a written release before collecting the information.

3. Employers Must Start Thinking More Broadly about Employee Privacy Issues

The larger issue that Rosenbach raises is employee privacy rights more generally, particularly in the digital sphere. In the past, private sector employers in Illinois were not constrained by the U.S. or Illinois constitutions and they could be confident that employee privacy rights in the workplace were minimal. The growing push for comprehensive data privacy rights at the federal level will regulate employer conduct. Concrete steps to protect employees’ digital information must be a high priority for employers.

Related Attorneys

Clingen Callow & McLean, LLC
Lisle Office
2300 Cabot Drive, Suite 500
Lisle, Illinois, 60532
Phone 630.871.2600
Geneva Office
21 North 4th Street
Geneva, Illinois, 60134
Phone 630.938.4769
Fax 630.871.9869
General Inquires [email protected]
  • facebook
  • linkedin

Contact Us

©2025 Clingen Callow & McLean, LLC. All rights reserved.

Law Firm Web Design by NMC

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}