Have you ever been fingerprinted or had your face scanned without signing a consent form?  At work, do you ever use a fingerprint or retina scanner to clock in or access part of a building? Has personal information you’ve provided ever been stored on an unsecure computer system? 

If you’ve been in any of these situations, your rights may have been violated because, in Illinois, your biometric information belongs to you and only you.

Illinois was the first state to regulate the collection and storage of biometric data. Generally, the Illinois Biometric Information Privacy Act (BIPA) requires any private entity in possession of biometric information to: (i) develop a written policy, (ii) inform consumers in writing about the purpose for collecting the information and the length of time it will be stored, (iii) obtain consent for the collection and storage of the data, and (iv) refrain from selling, leasing, trading, or otherwise profiting from that biometric information. Since late 2008, BIPA has offered Illinoisans a veil of protection over a unique combination of personal assets: biometric identifiers and information. This includes confidential and sensitive information such as account numbers, governmental identifiers, retina and iris scans, fingerprints, voiceprints, facial geometry, DNA, and other biological data unique to you. As the Supreme Court of Illinois put it, BIPA protects your right to control your information by requiring notice before collection and giving you the power to say no.

The BIPA statue contains fewer than 1,500 words but protects Illinois employees’ and residents’ biometric information in four powerful ways.

First, the Act defines “biometric identifier,” “biometric information,” and “confidential and sensitive information” broadly. The definition includes everything from hair and eye color to account and social security numbers, regardless of how they are captured, converted, stored, or shared.

Second, BIPA requires informed consent before any individual’s data is collected. This means whoever is collecting your data must inform you in writing that your biometric data is being collected, why it is being collected, and for how long it will be stored and used.

Third, BIPA mandates that precautions be used in storing your data—at least as much precaution as whoever collects your date was use in protecting their own sensitive information.  Notably, BIPA outright bans selling, leasing, trading, or otherwise profiting off of your data.

And fourth, BIPA provides Illinoisans legal recourse—in the form of money damages—against negligent, reckless, and intentional actors, even if you don’t actually suffer any harm beside a technical violation of the rights provided by the Act.  For instance, if your data was collected without your consent but it was stored properly, you could still be entitled to compensation for the violation of your rights conferred to you by BIPA—including the right to consent to data collection.

BIPA entitles you to $1,000 to $5,000 in compensation for each violation of your BIPA rights.  In this age of rampant biometric information collection, it is crucial to keep our biological data safe.  If you or someone you know has had your biometric information collected, there’s a fair chance that BIPA was not followed and your rights may have been violated. 

Romanucci & Blandin LLC handles BIPA lawsuits on behalf of working Illinoisans across the state to recover for violations of their BIPA rights. If you have any questions, contact our BIPA enforcement team at 312.815.2326.