Notice: We are still operating during the COVID-19 crisis. However, we are not allowing visitors to our office and most of our staff is operating remotely. Our attorneys and staff are still available to help you by phone and email. If you get our voice mail, please leave a message and it will be returned promptly. There may be delays with mail due to the crisis, so please try to send documents by email after submitting a contact form here or fax to 312-419-0379, if possible.

Have you been required to provide biometric information

Have you been required to provide electronic fingerprints, retinal or iris scans, voiceprints, or scans of hand or face geometry? This is common in the employment context, as well as others.

The Illinois Biometric Identification Privacy Act, 740 ILCS 14/1 et seq. ("BIPA"), requires companies in possession of biometric identifiers or information to (1) have a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first, (2) comply with such policy; (3) prior to acquiring biometric information, inform the subject that biometric information is being collected or stored and the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and receive a written release executed by the subject.

BIPA also prohibits companies from selling, trading or otherwise profiting from a person's biometric information, disclosing or disseminating such information without consent, unless the disclosure completes a financial transaction requested or authorized by the subject of the biometric c information or the disclosure is required by law. Biometric information must be stored, transmitted and protected against disclosure using reasonable standards of care and in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information. 740 ILCS 14/15.

BIPA provides statutory damages of $1,000 to $5,000 for violations.

Categories: