Legal Operations » BIPA Decision May Open Employers Up to Colossal Damages

BIPA Decision May Open Employers Up to Colossal Damages

March 3, 2023

cryptocurrency-coin-background-design-vector-id1350052145

In a decision on February 17, 2023, the Supreme Court of Illinois held that claims under the Illinois Biometric Information Privacy Act (BIPA) accrue on each scan or collection, allowing per scan damages. BIPA, passed in 2008, regulates the use, collection, and storage of biometric data and provides that entities cannot “obtain” individuals’ biometric data without providing notice and receiving consent, nor can they “disclose, redisclose, or otherwise disseminate” biometric data without consent. In Cothron v. White Castle System Inc., a White Castle restaurant manager filed a proposed class action alleging that the company required employees to scan their fingerprints to access pay stubs and computers beginning in 2004. Once a scan was taken, it was transmitted to a third-party vendor for verification and authorization for access. The restaurant manager alleged that the company did not obtain the requisite consent under BIPA until 2018. The justices rejected arguments from White Castle that BIPA is violated, if at all, only the first time the alleged fingerprint is scanned or collected. The ruling could open employers up to colossal and potentially devastating damages unless the legislature amends BIPA. White Castle intends to file a petition for rehearing within 21 days.

Get our free daily newsletter

Subscribe for the latest news and business legal developments.

Scroll to Top