CYBER RISK CLIENT ALERT: BIPA Cutbacks Stalled in Springfield - For Now.
In response to the Illinois Supreme Court’s ruling in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 (actual harm is not required for standing under the Illinois Biometric Information Privacy Act), the Illinois legislature is now considering amending the statute, in part, by removing its private right of action.
Illinois was the leader in enacting privacy protections for biometric data. Illinois is still one of only a few states to have such protections in place (along with Texas and Washington). Arizona, Florida, and Massachusetts have proposed regulations to protect biometric identification, and California will have its biometric protections take effect on January 1, 2020.
Only two states have followed Illinois in providing a private right of action for biometric identification privacy violations: Florida and California. Illinois, though, may be retreating. The Illinois Senate introduced SB 2134 in February 2019, one feature of which is to remove a private right of action. In its place, violations of BIPA would fall under the Illinois Consumer Fraud and Deceptive Business Practices Act, vesting BIPA’s enforcement to the Illinois attorney general and providing a three-year statute of limitations. Additionally, the amendment provides that if a BIPA violation occurs within the workplace, an employee or former employee may file a complaint with the Department of Labor within one year of the violation.
This bill has most recently been re-referred to assignments, meaning the bill did not receive the requisite number of votes needed to move to the next phase for ratification. This bill, or something similar, will likely be proposed during the next session. Illinois’ legislative session typically runs from January to the end of May. However, there is also a two week session in the fall, during which time we may see progress on this Bill.
While the Illinois Senate is considering eliminating BIPA’s private right of action, the Illinois House is looking to expand BIPA to include “electrocardiography result from a wearable device” in HB 3024. Presently, the proposal is less than clear on what would be considered a wearable device, leaving companies questioning whether they will be affected if this amendment were to go into effect. The bill has most recently been re-referred to the rules committee after it did not receive enough votes to pass.
Additional proposals limiting the protections of BIPA were made in the Illinois Senate (SB 3053) by excluding from BIPA’s reach a private entity’s use of biometric identification information when: (1) the information is strictly being used for employment purposes, (2) the private entity does not sell or share in any way the biometric identification information it collects, or (3) the private entity protects the biometric identification information in the same manner, or a more protective manner, than the manner in which it stores other confidential or sensitive information. The bill has since been placed in adjournment sine die, meaning the legislative session ended and the bill did not pass. Any further action on the bill is postponed till the next legislative session.
It will be important for companies to monitor these amendments and any other legislation regarding biometric privacy. Segal McCambridge works closely with its clients to track the progress of legislative activity, not only in Illinois but across the United States, to ensure full compliance with BIPA and other privacy laws.
For further information regarding BIPA or privacy laws generally, contact Joseph Kish, firstname.lastname@example.org or 312.644.3538.
- 11th Circuit Court Clarifies Harvey v Geico Florida Supreme Court Decision on Evidence of Claimant and Claimant Counsel Action in Bad Faith Case
- Finally! Discovery Harassment of Top-Level Corporate Officers is Curtailed
- Limitations for Policyholders Seeking Coverage in Employment-Related BIPA Cases
- The Death of Impartiality - "Dr. Death," Reptilian Tactics, and Fighting Juror Bias
- Vaccine Mandates in the Workplace Are Spreading
- Considerations That Employers Should be Mindful of as Employees Return to the Office
- A Win for Policyholders Seeking Coverage in a BIPA Class Action Suit
- Reasonable Disagreement or Fraud? Competing Estimates of Property Damage in First Party Claims
- Malpractice Mayhem: An Insurer's Standing to Sue Counsel Retained to Defend Its Insured
- Prejudgment Interest Now a Reality in Illinois
- Professional Liability
- Class Action
- Complex Commercial Litigation
- Insurance & Reinsurance Litigation & Counseling
- Insurance Coverage
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Employment Litigation & Counseling
- Medical Negligence & Healthcare Liability
- Pharmaceutical & Medical Device Litigation
- Product Liability
- Construction Litigation & Counseling
- Social Media & Privacy
- Discrimination, Harassment & Hostile Workplace Claims
- Workers' Compensation