Two momentous decisions regarding the Illinois Biometric Information Privacy Act (BIPA) recently came down from the Illinois Supreme Court. First, the Court recently ruled in Cothron v. White Castle System Inc. that a BIPA violation occurs with every scan or transmission of biometric data, i.e. a new violation accrues every time an employee uses a biometric time clock, potentially several times per work shift. Many BIPA cases have previously been resolved on the premise that an individual could only accrue one BIPA violation and the damages would be limited to the first time a biometric marker is collected in violation of the statute. Going forward, however, the law of the land has changed and the potential damages are exponentially higher.
BIPA Goes on Trial
The Illinois Biometric Information Privacy Act (BIPA) has been on the books as one of the nation’s most protective biometric privacy statutes since 2008. It was also one of the first to give individuals a cause of action for monetary damages against individuals or companies that violate the law. For the first time in the Act’s 14 year history, however, a case has been tried before a jury to a verdict. The Rogers v. BNSF trial recently wrapped up in the U.S. District Court for the Northern District of Illinois, with Judge Matthew Kennelly presiding and the $228 million verdict stunning, but not surprising, many who have been following BIPA developments.
Despite BIPA’s relatively maturity, basic questions still remain as to the scope of the statute. Most pressingly, the applicable statute of limitations for violations of the Act (how many years a plaintiff has to file a lawsuit after a violation), and the number of BIPA violations that may accrue have not been decided.
Continue Reading BIPA Goes on Trial
Lessons From Equifax – Trends on Data Breach of Employee Information
The recent Equifax breach data and public missteps in handling the breach has companies revisiting their cybersecurity measures and refreshing their breach response plans. Although not every company has consumer data likely to be targeted by hackers, employment files may be compromised, such as when breaches of U.S. government databases exposed the personally identifiable information…