Companies are increasingly using employee fingerprints, hand scans, retina scans or facial recognition technology for timekeeping, as well as building, computer and smartphone access. In 2008, the Illinois Biometric Information Privacy Act ("BIPA") was enacted to regulate the use, collection, storage, safeguarding, handling, retention and destruction of an individual's fingerprints and identifying information from hand, retina and facial scans. BIPA defines these biologically unique traits as biometric identifiers. The individuals covered by BIPA include employees at companies using scanning devices.

In 2019, the Illinois Supreme Court held that employees do not need to demonstrate any actual harm to establish that they were "aggrieved" by their employer's violations of BIPA. In short, a simple failure to follow BIPA's requirements is enough to establish an employee's "harm." The Court's decision has resulted in numerous class action lawsuits being filed in Illinois' courts alleging violations of BIPA. Because BIPA permits monetary recovery for negligent and intentional violations of the Act and for reasonable attorneys' fees and costs, many plaintiffs' attorneys are now focused on this statute.

Every company with employees in Illinois (regardless of whether the company is Illinois-based) should (1) determine if any of its timekeeping, building access, computer access, smartphone access, or any other systems use, collect, or store biometric identifiers and (2) take immediate risk reduction and compliance measures to comply with BIPA's specific requirements.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.