Quantcast

Illinois biometrics law unconstitutional, unfairly excludes government, 'financial institutions,' Jewel-Osco parent argues

COOK COUNTY RECORD

Thursday, December 26, 2024

Illinois biometrics law unconstitutional, unfairly excludes government, 'financial institutions,' Jewel-Osco parent argues

Hot Topics
Jewel

Saying the law sets up an "absurd example of do as I say, not as I do,” the parent company of Jewel-Osco has asked a judge to strike down an Illinois state privacy law that it says places most private employers at risk of huge judgments, while exempting the government, its contractors and financial institutions from the same potentially draconian provisions.

On Aug. 20, lawyers for Albertsons filed a motion in Cook County Circuit Court, arguing the Illinois Biometric Information Privacy Act is unconstitutional.

“There is no rational basis to treat financial institutions, the government or government contractors differently under the BIPA,” Albertsons wrote in its brief. “If the BIPA was truly enacted to protect Illinoisans’ biometric data, to leave some of the biggest employers in the state unregulated, and thus their employees unprotected, and to allow those entities the benefit of not having to comply with the BIPA is nothing short of arbitrary.”


David S. Almeida | Benesch Friedlander Coplan Aronoff

Albertsons has been in court since 2018, defending against a class action brought by a group of Osco pharmacists who claim the company violated the BIPA law in the way it required pharmacists to scan their fingerprints to verify their identity when accessing pharmacy computers “for both accountability and performance purposes.”

Specifically, the complaint accuses Jewel-Osco and its corporate parent of not first securing written authorization from the pharmacists for the fingerprint scans, nor supplying the pharmacists with notices and documents they claim are required by the BIPA law before requiring the fingerprint scans.

For these alleged violations, the lawsuit seeks damages of as much as $5,000 per violation – which legal observers have asserted could be interpreted to mean each time a pharmacist scanned their fingerprint in Jewel-Osco’s pharmacy system.

In its brief, Albertsons says the potential damages it faces under the suit could be “extraordinary.”

The class action could include nearly all pharmacists who have ever scanned their fingerprints into a Jewel-Osco database.

The lawsuit is among hundreds of such class actions pending in Cook County and other Illinois courts against employers. Many of the lawsuits center on similar allegations, with many of the lawsuits filed against employers who required workers to scan fingerprints to either punch in and out of work shifts, or to access secure facilities or stores.

Earlier this year, the Illinois Supreme Court specifically found plaintiffs don't need to prove they were actually harmed by the scans or that their information had even been at risk of being exposed in a data breach. The court at the time also brushed aside any concern over the potential impact of such lawsuits on businesses and employers. 

The lawsuits have cut across the spectrum of employers, including hotels, retailers, restaurants, janitorial services contractors, hospitals, elder care facilities, manufacturers and many others.

However, in its brief, Albertsons asserts the lawsuits have notably excluded Illinois’ two of Illinois’ largest class of employers – government agencies and financial institutions.

Albertsons said this exclusion was intentional, written into the law, when lawmakers amended the measure before voting on it.

Albertsons said these changes, which it said weren’t much discussed in the legislative record, has not only left large swaths of Illinois workers unprotected under the provisions of the BIPA law, but also has unfairly and unconstitutionally exposed large swaths of Illinois employers to the risk of litigation.

Albertsons argued the exclusions carved out for government employers and financial institutions violate other employers’ guarantees of equal protection in the U.S. Constitution and violate the Illinois state constitution’s prohibition on “special legislation,” which benefits a select group at the expense of all others.

Albertsons noted, for instance, that a janitorial contractor providing services at a government building would be exempt from BIPA’s notice and authorization provisions and the risk of $5,000 per violation fines. However, a company providing identical services at “a private building next door” would be subject to the law’s potentially crippling provisions.

“This treats identically situated entities and employees differently for no apparent purpose,” Albertsons wrote.

Further, Albertsons said the exclusion carved out for “financial institutions” from BIPA would leave untold numbers of workers’ private information unprotected under BIPA, as the federal law used as the basis for defining “financial institutions” under BIPA has been interpreted to include retailers who issue their own credit cards, car dealers, career counselors, check cashing businesses, accountants, travel agencies and others.

Albertsons noted the law could thus be interpreted to include the very employers most at risk of suffering data breaches. Albertsons said that list could even include Pay By Touch, the business whose bankruptcy and resulting data breach risk supposedly inspired Illinois lawmakers to enact BIPA in 2008.

The judge in the case had earlier rejected an attempt by Albertsons to dismiss the case. Albertsons had argued its pharmacists should be excluded from BIPA by the federal privacy protections under the federal HIPAA law.

Plaintiffs, however, had argued those protections applied only to patient information, not pharmacists and other health care providers.

The judge sided with plaintiffs – a decision Albertsons came despite the judge agreeing BIPA’s HIPAA exception was “ambiguous” and a lack of any discussion on that provision in the record from lawmakers.

 “Despite Albertsons’ reasonable interpretation of the law, Albertsons now risks extraordinary statutory damages through this putative class action,” Albertsons argued. “… To leave Albertsons in a position where it reasonably interpreted a law, but stands to face significant statutory damages … is manifestly unfair.”

 Albertsons and Jewel-Osco is represented in the action by attorneys David S. Almeida, Suzanne Alton de Eraso and Mark S. Eisen, of the firm of Benesch Friedlander Coplan & Aronoff LLP, of Chicago.

Plaintiffs are represented by attorneys Andrew C. Ficzko, Ryan F. Stephan and James B. Zouras, of the firm of Stephan Zouras LLP, of Chicago.

More News