Skip to Content
Logo
Menu
  • About Our Firm
  • Practice Areas
  • Our People
  • Learning Library
  • Corporate Transparency Act
  • Contact
  • Make A Payment

Do Not Use Biometric Data Until the Illinois Legislature Acts

Do Not Use Biometric Data Until the Illinois Legislature Acts

December 5, 2017

Class action lawsuits involving biometric data are on the rise in Illinois. One example of this is a recent suit against Mariano’s.

In 2008, the Illinois legislature passed the Biometric Information Privacy Act (BIPA) to protect citizens against identity theft. Biometric identifiers may include: retina or eye scans, fingerprints, voiceprints, hand scans, or face geometry. Proof that “no good deed goes unpunished,” Illinois employers are now facing lawsuits for their use of fingerprints when employees clock in and out of work.

Plaintiff Proposed Policy

Many employers use finger-print scans for their timekeeping function and they are encouraged to do so by their payroll company. Plaintiffs argue, however, that Illinois employers who use finger-print technology must comply with BIPA which includes a requirement that employers publish a written policy which describes the purpose for collecting biometric data.

Such a policy must also describe the employer’s schedule for destroying the biometric data. Employers who collect biometric data must also inform their employees that they are collecting biometric data, and obtain a written release from every employee before they collect such data.

Combatting Arguements

Some payroll companies argue that their biometric technology is not governed by BIPA because they do not store employee fingerprints. Instead, they argue that they are scanning fingerprints and then reducing the fingerprints to an encrypted mathematical representation. This argument is untested in the courts. Meanwhile, these same payroll companies disclaim any legal liability arising from their biometric timekeeping devices and will refuse to an indemnify an employer if it is served with a class action lawsuit.

The penalties for every violation of BIPA is a statutory fine of $1,000-$5,000. Although other states have laws protecting biometric data, these states do not empower individuals to bring suit. Rather, that power is reserved for the state’s attorney general. In Illinois, however, individual employees can bring their own suit, they can petition the court for class-action status, and they can recover their attorney’s fees if they win.

Preventing BIPA Lawsuits

There are two ways for employers to prevent these lawsuits. On a micro level, employers should not use fingerprints or biometric data in connection with their time-keeping function. Old-fashioned time clocks are a better solution until the Illinois legislature changes BIPA. On a macro level, employers must continue to be sensitive to how they handle discipline and terminations. Most disgruntled employees do not go to an attorney because their employer uses biometric data. Rather, they consult an attorney because they believe they were treated unfairly.

If you have any questions about the matters addressed in this CCM Alert, please contact the following CCM author or your regular CCM contact.

Related Attorneys

Clingen Callow & McLean, LLC
Lisle Office
2300 Cabot Drive, Suite 500
Lisle, Illinois, 60532
Phone 630.871.2600
Geneva Office
21 North 4th Street
Geneva, Illinois, 60134
Phone 630.938.4769
Fax 630.871.9869
General Inquires [email protected]
  • facebook
  • linkedin

Contact Us

©2025 Clingen Callow & McLean, LLC. All rights reserved.

Law Firm Web Design by NMC

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}