SPRINGFIELD — The Illinois legislature is considering a bill that could limit the avenues to litigation now being pursued in a wave of class actions against businesses and employers of all sizes under the state’s biometric information privacy law, for such things as scanning employee fingerprints for use in employee punch clock timekeeping systems.
But that shouldn't prompt employers to change anything in their response to the litigation risk just yet, said Jeffrey Neuburger, an attorney at Proskauer Rose LLP.
“They (state legislators) would be narrowing the scope of the law,” Neuberger told the Cook County Record.
The bill, SB3053, would amend the Illinois Biometric Information Privacy Act, or BIPA, to exempt companies and individuals who collect biometric data “exclusively for employment, human resources, fraud prevention or security purposes.”
The bill was introduced by state Sen. Bill Cunningham (D-Chicago).
Enacted in 2008, BIPA governs the way biometric identifiers—such as fingerprints, retina scans and facial-recognition technology—are collected, stored and disclosed. More specifically, companies and individuals typically are required under the law to notify and obtain consent from people before collecting their biometric data.
Though the current law has been championed by privacy advocates, it has prompted a bevy of copycat lawsuits in recent years against companies that have allegedly failed to comply with the act’s provisions.
Neuburger said that “blatant uses for commercial services” would be the first actions put in the reform bill’s spotlight.
“To the extent that someone is collecting information for commercial gain - for example, to identify people when they walk into a store - some of that behavior may be targeted,” he said.
Neuburger said the changes are “a function of Illinois politics” and that his firm has been advising clients on how to deal with the current rules. Many of these pieces of advice would be relevant if the proposed amendments to the act were signed into law.
“We have been telling people to try to comply with the law as it is,” he said. “That means having the right notices and consents.”
Neuburger said that it's important for businesses and other parties to collect and store the data in a secure way, adding that data holders must use that data for security purposes - not for trying to sell things to people.