Biometric Information Protection Act
Privacy in Illinois and Biometric and Fingerprint Privacy
Fingerprints, facial image, hand image, voice recognition, and retina imprints from retina scans all represent unique information about you. If someone else has that information, you are at a greater risk of identity theft and other violations of your privacy. While you can change your bank account or other things related to your social security number, you cannot change your body.
Companies are using fingerprint and facial scans for all sorts of reasons. For employees they are using fingerprints or even facial scans to track hours worked, for identification, and even for background checks. But its not just your employer who is collecting this data. You have a right to privacy when other companies collect it as well.
You do not need to have been injured to have a claim for invasion of your biometric privacy. Sectoin 10 (740 ILCS 14/10) of the Biometric Information Privacy Act also known as BIPA, 745 ILSC 14, requires that before a company can take your biometric data it must:
Tell you in writing that it is collecting your biometric information whether it be fingerprints, retina scans, facial imaging or something else.
Tell the in writing the specific reason it is collecting that information.
Tell you in writing how long it is going to keep that information.
Tell you in writing how it is collecting, storing, and using the information
And most importantly, get your WRITTEN PERMISSION to collect that information.
Under recent Illinois Supreme Court law, you DO NOT HAVE TO SHOW INJURY when your employer or other company violates this law. A violation can entitle you to $1,000 or even $5,000 just because the company took your fingerprint and failed to give you a written explanation and to get your written permission to do it. And if you do suffer as a result of it, you may be able to get more.
Section 15 of BIPA sets specific requirements for retention and collection of biometric information. At 740 ILCS 14/15 the law requires the company to:
Maintain a written policy
Available to the public
With a schedule for how long the information will be retained
With guidelines for how it will be destroyed, and
The information MUST be destroyed within three years of the company’s last interaction with you.
The company also cannot sell your biometric information or disclose it without your consent.
Has your employer taken your fingerprints or other biometric information?
Did it tell you in writing why it was doing so, how it was doing so, how long it would keep the information and what it was using it for?
Did some other company take that information without getting your written permission?
If this has happened to you, you need to talk to a BIPA lawyer.