Litigation Blog

CUBI: Everything You Need to Know About Texas' Biometric Law and Beyond...

As companies continue to take advantage of developing technologies involving the use of biometric information, it is crucial that businesses and legal practitioners alike stay informed of the legal and compliance concerns associated with the use of such information. For instance, companies conducting business in Texas should be aware of Capture of Use of Biometric Identifiers Act (“CUBI”) (Tex. Bus. & Com. Code §503.001). Passed in 2009, CUBI regulates biometric identifiers that are used for a “commercial purpose.” While “commercial purpose” is not itself defined by CUBI and Texas courts have yet to meaningfully interpret that phrase, Texas courts have construed the term “commercial purpose” broadly, in other contexts when no definition is available (see e.g., Texas’ Product Liability Act, Tex. Bus. & Com. Code §503.001, et al.).  CUBI related concerns have created a buzz around employers’ use of kiosks and other devices for contact-tracing and other reasons, as practitioners believe that any collection of biometric identifiers for this purpose will likely fall within CUBI’s restrictions.  Importantly, while CUBI does not itself authorize a private cause of action, the Texas Attorney General is empowered to pursue violators who are subject to a penalty of up to $25,000 per violation. More »

SHARE

EMAIL TAGS: Cyber Risk & Liability

CYBER RISK CLIENT ALERT: Facebook Settles Its BIPA Suit for $550 Million While Damage and Jurisdiction Issues Remain

All eyes are on the recent settlement in Patel v. Facebook, Inc., 932 F.3d 1264 (9th Cir. 2019), where a group of class-action plaintiffs (“Class”) alleged that Facebook violated Illinois’ Biometric Information Privacy Act (“BIPA”). Patel had already received a lot of attention primarily because the Ninth Circuit found Article III standing in the absence of actual harm.

Patel settled for a massive $550 million. This is the largest cash settlement seen in a privacy-related suit according to the parties, which is creating a lot of new-found interest in BIPA with speculation on how the settlement amount will impact future claims. More »

SHARE

EMAIL TAGS: Cyber Risk & Liability

CYBER RISK CLIENT ALERT: BIPA Cutbacks Stalled in Springfield - For Now.

In response to the Illinois Supreme Court’s ruling in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 (actual harm is not required for standing under the Illinois Biometric Information Privacy Act), the Illinois legislature is now considering amending the statute, in part, by removing its private right of action.  

Illinois was the leader in enacting privacy protections for biometric data. Illinois is still one of only a few states to have such protections in place (along with Texas and Washington).  Arizona, Florida, and Massachusetts have proposed regulations to protect biometric identification, and California will have its biometric protections take effect on January 1, 2020.  More »

SHARE

EMAIL TAGS: Cyber Risk & Liability

CYBER RISK CLIENT ALERT: Actual Harm is not Necessary Under BIPA

Recently, the Illinois Supreme Court resolved contradictory rulings from lower courts regarding standing under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS § 14/5 (West 2016). The likely result of this ruling was that there will be increased litigation under BIPA.

In Rosenbach v. Six Flags Entertainment Corp., 2017 IL App (2d) 170317, the Illinois Supreme Court held that an individual is not required to show actual harm; establishing a technical violation of under BIPA is sufficient to be “aggrieved” and allow a plaintiff to seek remedial measures. More »

SHARE

EMAIL TAGS: Cyber Risk & Liability