- The Illinois Biometric Information Privacy Act (BIPA) is the most stringent privacy law in the country providing claimants with a private right of action without alleging actual injury.
- Recent decisions have held that companies outside of Illinois that collect, store or use information on employees and persons in Illinois are subject to BIPA mandates.
- Courts have held that notice of the collection of biometric information must be obtained from all persons prior to collection of the biometric information.
- A recent decision acknowledged that an expansive reading of the statute suggests that each scan of biometric information may constitute a single violation under the BIPA.
- Union employees subject to a collective bargaining agreement must pursue their BIPA claims in arbitration or before an administrative board.
- Claims of willful or intentional violation of the new law must be supported by facts.
- BIPA contains no statute of limitations for actions brought under the law, and the issue of the applicable length of the statute of limitations remains unresolved.
As tech companies race to develop facial recognition software for new applications across industry sectors, including the automotive, cosmetic, and healthcare industries, state legislatures are developing privacy laws to protect individuals’ right to privacy and control over their biometric information. The Illinois BIPA is the most stringent biometric privacy law in the U.S for the following reasons: