Hyatt Regency Chicago | By Ray Dumas from Warren, USA (IMG_8857 - Hyatt Regency Chicago - Wacker Drive) [CC BY-SA 2.0 (https://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons
Faced with a potentially massive class action accusing it of violating an Illinois biometrics privacy law, Hyatt Hotels is attempting to rope in the vendor that supplied the employee punch clocks at the heart of the complaint.
For more than two years, Hyatt has sought to defend itself against the potential class action sought by lawyers representing named plaintiff Robin Rapai.
First filed in October 2017 in Cook County Circuit Court, the lawsuit accuses Chicago-based Hyatt of not abiding by the provisions of the Illinois Biometric Information Privacy Act in the way the hotel chain has required Rapai and workers to scan their fingerprints when punching in and out of work shifts.
Lisa Handler Ackerman | Wilson Elser
The lawsuit was initially brought by attorney James X. Bormes and attorneys from The Khowaja Law Firm LLC, of Chicago. However, late last year, lawyers Jad Sheikali and Timothy P. Kingsbury, of Chicago-based McGuire Law P.C., began representing the plaintiffs.
Employers have shifted in large numbers to the use of so-called biometric punch clocks, which require shift workers to verify their work hours by scanning some kind of biometric identifier, most commonly a fingerprint. The technology has been touted as a way of reducing so-called punch fraud, in which an employee might input the information of a coworker to make it appear the coworker was on the job, when they had either arrived late or departed early.
However, in recent years, the technology has been targeted in Illinois by class action lawsuits brought under the BIPA law by a group of plaintiffs’ law firms, including a large number by lawyers at McGuire Law.
While supporters of the law indicated the law’s purpose was to protect Illinois residents against the risk of data breach and identity theft, plaintiffs’ lawyers have used the law to launch a barrage of collective action lawsuits against employers of all sizes and types. Many of these lawsuits have centered on employers’ use of biometric time clocks.
Specifically, the lawsuits have typically attempted to extract damages of $1,000-$5,000 per violation from employers for allegedly failing to notify employees of how the business intended to collect, use, share and ultimately destroy their biometric data, as they assert the BIPA law requires.
Legal observers have indicated a belief the law’s damages provisions could be read in such cases to define a “violation” under BIPA as each time a worker punches the clock. This, attorneys have argued, could drive the potential damages well into the millions of dollars, for even small shops, and potentially into the billions for large employers.
While some defendants have settled, others, Hyatt and others have contested the action.
Last fall, a Cook County judge denied Hyatt’s attempt to dismiss the lawsuit.
But Hyatt has continued to seek to secure a win in the case and either absolve itself of liability, or greatly reduce its risk.
About a month after its motion to dismiss was rejected, Hyatt countersued Kronos, the Lowell, Mass.-based vendor the hotel chain said supplies its biometric time clocks and supports the technology.
In the counterclaim, Hyatt asserts Kronos should stand as the real target of the BIPA action. It is Kronos, under the terms of its contract with Hyatt, that actually collects, stores and transmits the fingerprint scans for Hyatt employees, Hyatt claims.
“The data that Rapai and putative class members in the Rapai Lawsuit inputted into the software and/or a hosting system contained or embedded in or on time clock devices was the Personal Information that Kronos was required to access, collect, record, store, retrieve, use, and/or transfer on behalf of Hyatt,” Hyatt wrote in its third-party complaint against Kronos.
“… During the Kronos-Hyatt Contract, Hyatt never collected, captured, received, obtained, or transferred the data inputted into the software and/or hosting system contained or embedded in or on the time clock devices,” Hyatt wrote.
According to Hyatt’s complaint, Kronos rejected Hyatt’s demand that Kronos helped it defend against Rapai’s lawsuit.
The Hyatt counterclaim accuses Kronos of breaching its contract with the hotel chain, and seeks a court order declaring Kronos “did not perform its obligations in compliance, with applicable laws, including BIPA…” and wrongly rejected responsibility to assist Hyatt in the BIPA class action.
The Hyatt counterclaim asks the court to order Kronos to cover Hyatt’s legal costs in defending against the BIPA class action.
According to a court filing in November, Kronos has until Jan. 24 to respond to Hyatt’s counterclaim.
Hyatt is represented in the action by attorneys Lisa Handler Ackerman and Jacob R. Graham, with the firm of Wilson Elser Moskowitz Edelman & Dicker LLP, of Chicago.