In Snider v. Heartland Beef, No. 4:20-cv-04026-SLD-JEH, 2020 U.S. Dist. LEXIS 152791 (C.D. Ill. Aug. 14, 2020), Plaintiff (a former Arby’s employee) filed a lawsuit against Heartland Beef (an Arby’s franchisee). In the lawsuit, Plaintiff alleged that Heartland violated the Illinois Biometric Information Privacy Act (“BIPA”) by “scanning and retaining employee fingerprints without informed
On June 16, 2020, District Judge John Tharp partially denied White Castle’s motion to dismiss in Cothron v. White Castle Sys., No. 19 CV 00382, 2020 U.S. Dist. LEXIS 104795, at *2 (N.D. Ill. June 16, 2020). White Castle is left to litigate a former employee’s claims that the restaurant chain violated various provisions…
The Illinois Biometric Information Privacy Act (“BIPA”) went into effect in 2008 and has been a steady source of litigation ever since. This post summarizes the obligations BIPA imposes, the current state of BIPA litigation, and what steps businesses can take to reduce litigation risks.
What is BIPA?
The stated intent of BIPA was to address the heightened risk of identity theft associated with the processing of biometric data. The legislator’s findings state that, “unlike other unique identifiers that are used to access finances or other sensitive information,” when biologically unique data is compromised, “the individual has no recourse” because the individual cannot change these identifiers.
Continue Reading The Illinois Biometric Information Privacy Act (“BIPA”): When Will Companies Heed the Warning Signs?
On January 25, 2019, the Illinois Supreme Court ruled that a consumer need not demonstrate an adverse effect or specific harm, such as evidence that personal information was stolen or misused, to have standing to sue under the state’s Biometric Identity Protection Act (BIPA). The court held that a procedural violation of the law itself is sufficient to support a private right of action under BIPA. The court’s decision will give real teeth to the 200-plus BIPA actions already filed in Illinois – the only biometric law in the country with a private right of action – and we are likely to see a boost in lawsuits against private entities alleging procedural BIPA violations.
In Rosenbach v. Six Flags (a more detailed explanation of the facts and previous inter-district split is provided in a previous blog post), the Court held that Rosenbach’s son can be considered an “aggrieved person” under BIPA based simply on the fact that his fingerprint was taken (for a season pass to Six Flags) without the required written consent. The Illinois Supreme Court opined that even a “technical” breach prevents an individual from maintaining his/her biometric privacy, which the court considers a “real and significant” injury to one’s “statutory right.”…
In Illinois, the courts are grappling with an issue akin to the Article 3 standing issues that courts have been analyzing in post-breach cases for years, that is, whether a plaintiff must claim actual harm as a result of a statutory violation or whether the violation is sufficient by itself to support standing to sue.
Continue Reading Illinois Supreme Court to Resolve the Conflict over the Scope of BIPA’s Private Right of Action.