BIPA stands for the Biometric Privacy Act. In 2008, the Illinois legislature signed the act into law. This law was designed to address the way that employers handle retina scans, facial recognition technology, and fingerprint identification. Generally, Biometric Information, means any data that is converted, stored or shared that is based on a person’s biology, which is used to identify an individual. The act mandates specific rules that employers must follow when handling their employee’s biological data (biometric data). The former baggage handler has claimed that the airline did not comply with the law in its use of time clocks that were operated by fingerprints.
BIPA does not prohibit the use or collection of the data, but specifically governs how that information is collected and stored. For negligent (unintentional) violations of this law, entities may be liable for up to $1,000 per violation. For intentional or reckless violations, liquidated damages may levied of up to $5,000 per violation. As additional companies rely on biometric data there appears to be an increased number of lawsuits in the field. Since July of this year, there have been more than 25 lawsuits filed in state or federal courts in Illinois. Lawsuits appear not to be limited to the standard employee-employer relationship. In one lawsuit a company has faced liability for its use of facial scans of customers at self-service kiosks.
Illinois is considered amongst the states with the most stringent Biometric Laws regarding consent and notice. For the plaintiff leading the action against United Airlines, he alleges that the fingerprint and hand scans violate the consent, notice, and disclosure requirements of BIPA. In this state, technology giants such as Facebook, Google, Snapchat, and Shutterfly have been sued under the BIPA for violations.
With the release of the iPhone X, Apple has decided to integrate facial recognition capabilities directly into its newest consumer products. The advancements of such technologies may result in more BIPA violations as biometric data becomes more common in corporate operations. After biometric information is collected, employers are also responsible for complying with the industry’s standard of care when storing the data and to ensure that the information is properly destroyed when appropriate. Others states appear to have followed in Illinois footsteps. Texas, Washington, Alaska, Connecticut, Montana and New Hampshire have either passed similar laws or are considering passing such laws.
The New Jersey has not yet passed a law covering the usage of such data; however in recent years there have been attempts to do so. There is no question that as technology advances and the use of Biometric data becomes more commonplace, additional states will pass new laws covering this field. The passage of new laws in this field will undoubtedly be delayed, as these new laws pit an individual’s right to privacy against the economic interests of powerful technology companies.