Biometric Workplace Privacy Suits Erupt in Illinois State Court

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Michael J. Bologna

The Illinois state court covering Chicago has become ground zero for a new rush of workplace biometric privacy class complaints against employers filed in the last seven weeks.

The Illinois Biometric Information Privacy Act (BIPA) limits how companies can collect and use biometric data of individuals, requiring written notice to and consent from individuals to collect and store their biometric data, such as fingerprints or facial scans. BIPA includes a private right of action that allows individuals to file lawsuits and seek to represent classes of similarly affected individuals.

Since Sept. 1, 25 BIPA class action complaints have been filed in Cook County Circuit Court, Bloomberg Law Dockets data show. Cases have been brought against technology and consumer-facing employers, including restaurant chain Hooters Inc., hotel services company Pineapple Hospitality Inc., biometric time-tracking device maker Kronos Inc., and industrial supplier Alro Steel Co.

Those 25 complaints represent more than 74 percent of the approximately 34 BIPA actions that have been filed in Cook County since the start of the year, according to Bloomberg Law Dockets data.

“These employment complaints typically allege employers are collecting and using individual biometric identifiers—typically fingerprints or handprints—for timekeeping purposes,” said David Gerbie, class action associate at McGuire Law PC in Chicago, told Bloomberg Law. Companies aren’t “providing the individuals with the required disclosures under BIPA prior to collecting such information,” he said. McGuire Law has filed nine BIPA complaints in Cook County since Sept. 1.

The reason for the recent rise in Cook County BIPA cases against employers is unclear. It may be due to a combination of factors, including increased, but uninformed, use of biometric technology by employers.

Employer Rush to Biometrics

Biometric timekeeping vendors are selling systems to employers without discussing the legal obligations that go with the technology, according to plaintiff-side litigation partner Jay Edelson of Edelson PC in Chicago. Companies “are so excited to use this new technology that they are not breathing for a second and saying ‘hold on, this is really important, this is someone’s information and let’s make sure we are complying with the law.’” Edelson has filed four of the recent BIPA actions in Cook County.

Corporate defense-side attorneys agree that employers have rushed to integrate biometrics without knowing the law, but attribute the rise in Cook County BIPA cases in part to a private right of action and the potential for collecting bountiful attorneys’ fees.

BIPA allows individuals to file complaints on behalf of themselves and potentially classes of other similarly situated individuals—such as coworkers. The law includes statutory damages of $1,000 per negligent violation and $5,000 per intentional violation, plus attorneys’ fees. Biometric privacy laws in Texas and Washington, the only other states with such laws, don’t allow individuals to file such lawsuits and have no statutory damages.

Some plaintiffs’ attorneys have “caught on and realized there are liquidated damages and personalities,” Jenny R. Goltz, management-side labor and employment attorney at Cozen O’Connor in Chicago, told Bloomberg Law. These cases “are basically low-hanging fruit,” she said.

Settlement Potential

Many employers will likely forgo litigation and settle BIPA cases quickly, Goltz said. Because of the private right of action and high statutory damages, companies will want to end these cases quickly, he said. And in most of these cases, companies “would likely lose,” he said.

Some success of plaintiffs in consumer biometric privacy suits may be sending a signal that prompts workplace biometric litigation.

BIPA cases brought before Illinois state courts have rarely settled, Edelson said. But in 2015, L.A. Tan agreed to pay $1.5 million, including $600,000 in attorneys’ fees, to a class of Illinois consumers whose fingerprints were scanned at tanning salons.

Harm Standards

Companies that can remove their BIPA cases to federal court should seek to do so because of limits on plaintiffs to sue in such a venue. Companies that move to federal court can then amount aggressive defenses against plaintiffs that might lack necessary evidence of actual harm regardless of BIPA’s statutory damages, attorneys told Bloomberg Law.

The U.S. Supreme Court ruled in Spokeo, Inc. v. Robins that plaintiffs must show more than a “bare procedural violation” to show standing to sue.

The Spokeo threshold would be a major line of defense for companies in federal court facing BIPA claims, Jeffrey Neuburger, a partner with Proskauer Rose LLP in New York, told Bloomberg Law.

Plaintiffs would also have difficulty in showing actual harm for alleged BIPA violations because many of the fact patterns, so far, only focus on abstract harms, attorneys said.

Actual injury is hard to prove in cases where an “employer simply failed to inform and seek consent for collecting fingerprints,” Daniel Birk, a complex litigation and class action partner with Eimer Stahl LLP in Chicago, told Bloomberg Law. “If all the defendant is accused of doing is not handing out a written policy explaining how they will store the data, well there might not be any harm associated with that.”

To contact the reporter on this story: Michael J. Bologna in Chicago at mbologna@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security