Employers Face Mounting Lawsuits Under Illinois’ Biometric Information Privacy Law

April 27, 2018

The increasing use of biometric timekeeping systems coupled with failures to obtain employee permission to collect and store the data obtained by such systems is triggering a wave of class action litigation under Illinois state law.  Under the ten-year-old Biometric Information Privacy Act, companies must obtain an employee’s written permission before collecting their fingerprints, retina scan, or other identifying biological traits.  Further, companies must inform employees in writing how and where the data is being collected or stored.  Each negligent violation carries a $1,000 penalty, increasing to $5,000 for each willful or reckless violation.  The latest lawsuit, which is against Hostmark Hospitality Group Inc. and InterContinental Hotels Group Operating Corp., alleges employees were not told what their fingerprints are used for, how long they are stored in the company computer system, and how they are destroyed.  As the use of data becomes increasingly important in light of emerging technologies such as artificial intelligence, such lawsuits may trigger the formation of new policies to regulate its use.