llinois Biometric Law Applies to Every Scan, Supreme Court Rules

The recent ruling by the Supreme Court on the Illinois Biometric Information Privacy Act (BIPA) has significant implications for companies that collect and store biometric information in Illinois. The BIPA requires companies to obtain written consent before collecting biometric information such as fingerprints and facial scans from individuals. The recent ruling clarifies that each scan of an individual’s biometric information is a separate violation of the law and that individuals can sue for each instance of non-compliance.

The BIPA was passed in 2008 to protect the privacy rights of individuals in Illinois. The law requires companies that collect biometric information to provide notice and obtain written consent from individuals before collecting, storing, or sharing that information. The law also requires companies to develop and maintain written policies for the retention and destruction of biometric information.

The recent ruling by the Supreme Court stems from a case involving a company called BNSF Railway, which used fingerprint scans to track employee time and attendance. BNSF Railway argued that the BIPA only applied to the initial collection of biometric information and not to subsequent scans of that information. The Supreme Court disagreed and affirmed a decision by a lower court that each scan of an individual’s biometric information is a separate violation of the law.

This ruling has significant implications for companies that collect and store biometric information in Illinois. Companies that violate the BIPA can be sued by individuals for damages ranging from $1,000 to $5,000 per violation. Given that each scan of an individual’s biometric information is now considered a separate violation, companies that collect and store biometric information could face significant liability if they do not comply with the BIPA.

The ruling also highlights the importance of developing and maintaining written policies for the retention and destruction of biometric information. Companies that collect biometric information must have clear policies in place for how long that information will be retained and how it will be securely destroyed when it is no longer needed. Failure to comply with these policies can result in liability under the BIPA.

The BIPA is one of the strongest biometric privacy laws in the country, and the recent ruling by the Supreme Court underscores the importance of protecting the privacy rights of individuals in Illinois. Biometric information, such as fingerprints and facial scans, can be highly sensitive and can be used for a variety of purposes, including identity theft and surveillance. The BIPA provides important protections for individuals by requiring companies to obtain written consent before collecting biometric information and by imposing liability on companies that violate the law.

Overall, the recent ruling by the Supreme Court on the Illinois Biometric Information Privacy Act has significant implications for companies that collect and store biometric information in Illinois. Companies that violate the BIPA can be sued by individuals for significant damages, and failure to comply with the law can result in significant liability. Companies that collect biometric information must develop and maintain written policies for the retention and destruction of that information and must obtain written consent from individuals before collecting that information. The BIPA is an important law that provides critical protections for the privacy rights of individuals in Illinois.