Illinois Biometric Information Privacy Act

With the need for no-contact transactions and interactions, biometric identifiers are increasingly being used for everything from clocking in to work to making purchases. Biometric identifiers include retina/iris scans, fingerprints, voiceprints and scans of hand or face geometry – features that are unique to an individual. They make assigning authority and access to specific people possible. Examples include:

• Lockboxes opened using fingerprints
• Computer screens opened using facial recognition

In October 2008, the Biometric Information Privacy Act (BIPA) was enacted in Illinois to regulate the collection, use and storage of biometric identifiers and information. To comply with BIPA, business owners have specific mandates to follow when dealing with biometric information. For example, a private entity in possession of biometric identifiers and information must develop a written policy available to the public.

Why it matters

BIPA lawsuits, particularly class action lawsuits, have steadily risen over the past few years, and settlements can reach millions of dollars. Examples of class action settlements include:

• Facebook: $650 million (facial recognition)
• TikTok: $92 million (facial recognition)
• Walmart: $10 million (employees’ use of a palm scanner)
• ADP: $25 million (required employees to scan fingerprints when clocking in)

As the use of biometric information is becoming more common, encourage your customers to review their operations for any use of biometric information. Encova’s Illinois Biometric Information Privacy Act flyer can be one resource to guide their review.