Can GIPA be the new BIPA?

Analysis

There’s a new wave of class action lawsuits hitting Illinois employers, based on a law that has been under the radar for more than 25 years: The Genetic Information Privacy Act, also known as GIPA. Passed in 1998, GIPA prohibits Illinois employers, or anyone acting on their behalf, from requesting or obtaining genetic information from a person as a condition of employment. “Genetic information” can include results from genetic testing, but it also includes more commonly requested information like family medical history.

The Illinois statute predates but is similar to the federal Genetic Information Nondiscrimination Act of 2008 (“GINA”), which also prohibits employers and other covered entities from requesting genetic information from an individual or family member of the individual, or requiring that the information be provided. The Illinois and the federal laws define genetic information the same way.

Plaintiffs in some GINA cases have tried to persuade the courts to take an even more liberal view of what “genetic information” is. For example, in Ries v. City of Chicago, the plaintiff tried to argue that the City of Chicago violated GINA by asking about COVID-19 vaccination status. But the court ruled that there was no violation of GINA because 1) it was not clear how the plaintiff’s vaccination status revealed anything about his human DNA, RNA, chromosomes, proteins, or metabolites; 2) vaccination status reveals nothing about an individual’s family medical history; 3) vaccination status is not “participation in clinical research” because vaccinations are not related to genetics; and 4) the plaintiff’s vaccination status had no bearing on the likelihood that he would inherit a genetic disease or disorder from a family member because COVID-19 is unique to the individual.

Although similar, lawsuits under the Illinois GIPA are far more likely to be filed as class actions than those brought under GINA because of the damages available to potential plaintiffs. Under GIPA, a plaintiff can recover damages on a per-violation basis even when the employee hasn’t suffered an actual injury. The damages range from $2,500 to $15,000, depending on whether the employer’s violation was negligent or willful. This structure of damages is similar to the one that applies to another decades-old Illinois statute: the Biometric Information Privacy Act, also known as BIPA. Under BIPA, many plaintiffs’ attorneys have made a fortune bringing class-wide claims on behalf of individuals who have suffered no actual damages.

Similar trends are now emerging under GIPA, often by the same plaintiffs’ firms. A common scenario described in the GIPA lawsuits is an employer who asks a job applicant or offeree to disclose family medical history. Other lawsuits assert violations based on fitness-for-duty examinations. In these scenarios, the employer refers an employee to a health care provider, and the health care provider asks about the employee’s medical history. Because the health care provider is acting for the employer, asking about family medical history could violate GIPA.  

The plaintiffs’ bar has discovered GIPA only recently, so the litigation is still in its early stages. However, the risks to Illinois employers are already high. Employers should evaluate whether information collected from employees (and potential employees) can arguably be considered “genetic information” under GIPA. Employers should also begin to review their policies governing fitness-for-duty and other medical examinations (for example, in the context of workers’ compensation or making reasonable accommodations for disabilities).

Please contact one of our attorneys in the Chicago office, as we can guide you in mitigating the risk of GIPA and other employment litigation.

Subscribe for Updates
Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek