Print PDF

Biometrics Privacy


Biometric privacy violation is a term used to identify errors in cybersecurity made by a private entity, including companies and organizations, either through negligence or willful and wanton conduct that collect biometric identifiers of Illinois residents. The mismanagement of data collection and security obligations often have ramifications for an individual or group of people through data breaches and privacy issues.

The Biometric Information Privacy Act of 2008 (BIPA) of the Illinois Compiled Statutes (ILCS), protects residents against the unconsented collection or retention of their biometric data, which can include retina and iris scans, fingerprinting, voiceprints, use of facial recognition technology and face geometry captures, as well as other forms of data capture via software or other means. Those protections do not end at the Illinois state border; residents receive those benefits even if the company committing an infringement is located outside of the state. The rights of residents to obtain statutory damages in cases are not preempted by Workers’ Compensation, per a 2022 Illinois State Supreme Court ruling. The only other states currently with similar, but not as strong, laws are Texas, Washington and California’s Consumer Privacy Act (CCPA).

While residents have one of the strongest pieces of data privacy legislation within the ILCS, violations of BIPA still occur, leading to rampant misuse and mishandling of biometric data and identifiers. The BIPA allows for an individual to pursue a private right of action, giving Illinois residents the opportunity to find justice without waiting for the state attorney general to attempt enforcement. When private entities violate the cybersecurity standard of care afforded to all individuals in Illinois to safeguard their private biometric data, you need a skilled legal team to handle your biometric data privacy case or class action lawsuit.

The Biometric Information Privacy Act of 2008

Violations of BIPA can occur in a variety of ways. For example, companies conducting business in Illinois must provide, in writing, an opportunity for residents to consent to collecting or retaining their data and biometric information at every instance of those actions. Simple cases of biometric data collection can be scanning or clocking in and out of work, although employers are not the only private parties at risk of data protection errors. Industries from health care to social media must take care in receiving informed consent for data, as well as take the proper care for the storage of it afterward or risk a privacy lawsuit. Additionally, notice must be made in writing of why the information is being collected and the length of the storage of said data. Under BIPA, companies must maintain data protection and security precautions for your stored biometric identifiers of a standard equal to at least what they would protect their own personal identifying information. This requirement includes third parties handling or storing the data, such as cloud server storage companies that obtain and hold data for companies and their employees.

Infringements of BIPA and ILCS protections put affected Illinois residents at risk of having their compromised biometric identifiers used for identity theft or other potentially impactful actions by third parties. The Federal Trade Commission’s annual Consumer Sentinel Network report shows fraud, identity theft and other reports have risen from 0.33 million in 2001 to 4.87 million in 2021 and 5.74 million in 2022. Identity theft accounted for 25 percent, or 1.4 million, of reports to the FTC in 2021, up over twice the amount reported in 2019.

BIPA claims allow for affected parties in the state to seek a private right of action to potentially receive financial compensation of up to $5,000, starting at $1,000, for each instance of a negligent or reckless violation of the biometric data law.  A violation can range from negligence-based to reckless or even intentional skirting of state laws. The Illinois Supreme Court will rule in late 2022 or 2023 whether a violation occurs at every instance or only the first time a company commits a breach of BIPA, and a federal court is expected to answer questions regarding whether or not infringements by third parties contracted by a company creates a liability for that business as well. The third party must also obtain consent to collect and/or retain the data, in addition to the originating company’s own requirements under BIPA.

Your biometric privacy law claim

With headquarters in Chicago, the law firm of Romanucci & Blandin approaches a biometrics privacy action to provide monetary compensation and hold a culpable business or organization financially accountable and responsible for the statutory damages that have occurred.

Our law firm has a team of plaintiffs attorneys and staff with years of experience with privacy litigation. Our biometric privacy team includes partners who guide the process and share their deep knowledge of these types of lawsuits. Each client and each situation is different, and your BIPA class action litigation or claim is treated with great care and respect as the team investigates what happened and determines the best path to justice for you.

At Romanucci & Blandin, our biometric privacy litigation attorneys research the most up-to-date case biometric privacy law regarding the Illinois Biometric Information Privacy Act and hire trained and experienced biometrics and privacy experts to work as expert witnesses and consultants on your case or biometric privacy class action lawsuit. We will evaluate your injury and claim, and research the relevant statute of limitations applicable to your case. BIPA is an evolving set of regulatory laws, as cases defining its reach and limitations in regard to biometric technology, data breaches, privacy issues and negligent or reckless violations are decided in 2022 and 2023 in both state and federal courts.

Whether it is to review data misuse, unlawful storage or improper safeguarding of personal identifiers and other negligence of companies or organizations, we work to locate and utilize the best privacy and data security experts and expert witnesses across the country who are experienced in all the relevant state laws.

Types of biometrics privacy claims

Illinois law data security violations that we handle for our clients include, but are not limited to, the collection, retention and/or use of biometric identifiers without informed consent, such as:

  • Facial recognition technology
  • Face geometry
  • Voiceprint
  • Retina or iris scan
  • Fingerprints
  • Social Security Number (SSN)
  • Photo scanning (ex: Google Photos)
  • Altered reality (ex: online shopping)
  • Scan of hand
  • Authentication via biometric technology in other forms

Free consultation with Chicago-based biometric privacy lawyers

The biometric privacy attorneys at Romanucci & Blandin have proven success in these types of cases and class actions. Please contact our office at, 312-458-1000 or click here for a free evaluation of your biometric privacy case. There is never a fee until you are compensated for your injuries at the end of the case.

Disclaimer: The content found on this page is not legal assistance and contacting the mass tort and class action lawyers at Romanucci & Blandin’s law office for a free consultation regarding personal injury cases and wrongful death claims does not constitute an attorney-client relationship. 


Blog Posts

Related Attorneys

Related Practices

Jump to Page


Get a free consultation regarding your personal injury case today.

Tell Us About Your Case

Sign Up for Our Newsletter

* Indicates a required field.

By using this site, you agree to our updated Privacy Policy and our Terms of Use.