More vendors who supply punchclocks and other payroll tracking technology for businesses of all sizes and types, throughout Illinois, have been targeted in class action lawsuits, asserting the vendors should be held liable for potentially millions of violations every day of Illinois’ biometrics privacy law.
Recently, two more class actions were filed in Cook County Circuit Court against such vendors, the most recent examples of such lawsuits.
On Nov. 1, attorneys from the firm of McGuire Law P.C. filed suit against Timeclock Plus , a San Angelo, Texas-based time-and-attendance systems and software vendor. The lawsuit was brought on behalf of named plaintiff Linda Fick, identified only as an employee of one TimeClock’s customers in Cook County.
And on Nov. 7, attorneys with the firm of Edelson P.C. filed a class action complaint against iSolved HCM LLC, also a time-and-attendance technology vendor. Based in Charlotte, N.C., iSolved also operates an office in suburban Schaumburg. The lawsuit was brought on behalf of named plaintiff Sergio Villagomez, who allegedly worked for an employer, identified as OMET Americas Inc., that used iSolved’s technology for payroll tracking.
Both class actions accuse the vendors of violating the Illinois Biometric Information Privacy Act. On the books since 2008, the law was spurred by the bankruptcy of Pay By Touch, a large provider of fingerprint scanners used by retailers to verify the identities of consumers purchasing products. The bankruptcy left unanswered the question of who could ultimately be held responsible should the large database of consumer fingerprints be breached.
The law imposed a number of provisions, including rules requiring businesses to obtain written authorization from people before scanning and storing their biometric identifiers – among these, fingerprints, retinal scans and facial geometry, among others. The law also required businesses to provide written notices concerning how the data was being collected, stored, shared and ultimately destroyed.
In recent years, however, the law has been used by trial lawyers to bring hundreds of class action lawsuits. While some of the higher profile lawsuits have taken aim at tech giants like Facebook and Google, most have targeted employers who require employees to scan their fingerprints to verify their identity when punching in and out of work shifts.
The lawsuits routinely level the same accusations: That the employers didn't abide by the alleged technical requirements of the BIPA law, by not obtaining express authorization from employees before requiring them to use the fingerprint scanners, and by not providing the notices allegedly required by the law. The lawsuits, to date, have not alleged the workers suffered identity theft or that their data was exposed in any way.
However, the Illinois Supreme Court ruled earlier this year plaintiffs don't need to prove they were harmed by the collection of their data. Rather, the mere technical violation of the law is enough to potentially extract crippling damages from these employers.
While lawsuits against employers have proliferated since that ruling, since last year, dozens of these lawsuits have also targeted the companies that supply the fingerprint-scanning biometric punch clocks and the software used to operate them. At first, the plaintiffs added timeclock technology vendors, like ADP and Kronos, as co-defendants, along with the employers to which the timeclocks and software were sold.
In more recent months, lawsuits have individually targeted both ADP and Kronos, two of the major players in such timeclock technology.
In Chicago federal court, Kronos has asked the judge to dismiss a consolidated lawsuit. In that motion, Kronos called the lawsuits against it individually – including one brought by a plaintiff who had already named Kronos as a co-defendant in a BIPA lawsuit against an employer – “the epitome of gamesmanship and disregard for fair adjudicatory process.”
Kronos has argued it cannot be held responsible for the alleged failure of its employer customers to abide by the technical rules of BIPA.
The class actions against Kronos remain pending in federal court, while a class action against ADP remains pending in Cook County court, according to online court records.
However, ADP managed to secure a win in a separate case, in which a Cook County judge dismissed ADP as a co-defendant in a class action brought against employer, Rockit Ranch.
"... To read BIPA as requiring that a third party provider of the biometric timeclock technology, without any direct relationship with its customers’ employees, obtain written releases from said employees would be unquestionably not only inconvenient but arguably absurd,” Cook County Associate Judge David B. Atkins wrote in that decision in September.
Plaintiffs in that case, however, have filed an amended complaint, and the case remains pending.
In the meantime, plaintiffs continue to bring lawsuits against more timeclock and time-tracking software vendors, including the lawsuits against iSolved and TimeClock Plus.
Those lawsuits followed a similar class action filed in August against NovaTime Technology, a Rancho Cucamonga, Calif.-based vendor. That lawsuit was filed by attorneys with the firm of Stephan Zouras LLP, of Chicago, and Peiffer Wolf Carr & Kane APLC, of St. Louis.
The Stephan Zouras firm is also among those suing Kronos.
The ADP class action is being prosecuted by the Edelson firm.
All of the lawsuits seek potentially millions, if not billions, of dollars in damages from the targeted vendor companies. The BIPA law allows for damages of $1,000-$5,000 per violation. Observers and litigants in the cases have indicated the law could be interpreted to define a violation in these cases as each time a worker scans a fingerprint when punching the clock. With these companies’ technologies deployed in workplaces throughout the state, that could amount to many thousands of workers scanning a fingerprint at least two to four times a day.