Laura Balson, managing partner of Constangy’s Chicago office, authored an article for Corporate Compliance Insights highlighting lessons for businesses related to Illinois’ Biometric Information Privacy Act (BIPA), including details on the law’s requirements, measures to stay compliant and strategies to mitigate litigation risks.
“The Illinois Biometric Information Privacy Act (BIPA) requires private entities to obtain written consent when capturing, transmitting and storing an individual’s biometric information,” Balson said. “With the recent rise of technology to streamline processes in the workplace, it is important to consider whether the use of technology runs afoul of BIPA and what obligations the law imposes on employers.”
Violating BIPA can have significant consequences with massive settlements making headlines in the past year, such as Instagram agreeing to pay $68.5 million to resolve a class action filed on behalf of Illinois users. Further, an Illinois Supreme Court decision held that a separate claim accrues each time an individual’s biometric information is scanned or transmitted, significantly increasing exposure – lawsuits alleging BIPA violations after that ruling skyrocketed 65%.
All this increasing risk underscores the importance for companies to take steps to comply with BIPA. “To begin with, they must obtain advanced written consent from anyone who will be asked to use biometric technology and develop a written policy,” Balson said. “This policy must be made available to the public and codify a retention schedule along with guidelines for permanently destroying the biometric information that is gathered.”
Balson concluded the article by highlighting additional steps for compliance, like destroying biometric information when the initial purpose for collection has been fulfilled.
For more information and best practices, the full article is available here.