7 The Act also provides for injunctive relief and attorney fees.
6 For each violation, a prevailing party is entitled to liquidated damages of $1,000 (for negligent violations) or $5,000 (for reckless or intentional violations). The Act provides a private cause of action for “ny person aggrieved by a violation” of the Act. 4 Section 15(b) requires entities collecting biometric information to obtain written, informed consent and releases from individuals before collecting their data. Section 15(a) requires publication of a written policy regarding the company’s retention and destruction of the data. Of those requirements, subsections 15(a) and (b) are often litigated. Section 15 of the Act outlines the requirements imposed on entities that collect biometric information. Get to know the author: Check out Q&A below.
2017, is an attorney with Stafford Rosenbaum LLP, Madison, practicing commercial litigation with a focus on business disputes, real estate/construction, political law, and intellectual property litigation. This article, however, focuses primarily on BIPA because it poses the greatest risk to Wisconsin companies.īroadly speaking, BIPA “is designed to protect consumers against the threat of irreparable privacy harms, identity theft, and other economic injuries arising from the increasing use of biometric identifiers and information by private entities.” 2 BIPA applies to private entities that collect biometric identifiers, defined to include a “retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” 3ĭavid P. The next wave might target smaller operations, such as Wisconsin-based manufacturers, distributors, healthcare companies, or startups.īusiness lawyers should think generally about whether to advise clients on the risks of collecting biometric information. The first wave of out-of-state defendants comprised obvious targets – technology companies (such as Google, Facebook (now Meta), Amazon, and Shutterfly) and other large corporations (such as Johnson & Johnson, Procter & Gamble, and Estée Lauder). As a result, one commentary noted in 2019, “BIPA lawsuits have become extremely attractive to plaintiffs’ lawyers given businesses’ widespread collection of biometric information and the potentially enormous statutory damages available under BIPA.” 1Īs the well of claims dries up within Illinois, however, lawyers and potential plaintiffs have started looking to other states. BIPA liability can arise with a technical failure to comply with the statute (for example, a failure to obtain informed consent), even if there is no data breach or other mishandling of the data.
It might seem that complying with the Illinois Biometric Information Privacy Act (BIPA or the Act) is not particularly onerous, but the Act can be a trap for the unwitting. The most potent biometrics act in the United States, however, lies just over Wisconsin’s southern border, in Illinois. Earlier this year, lawmakers in California and Maryland proposed legislation aimed at regulating the collection of biometric data. Texas and Washington each have some form of a biometrics act. State regulation of biometric identifiers (such as fingerprints and face scans) is on the rise.
0 kommentar(er)
