A class action lawsuit has been filed against a major hotel management company for allegedly violating Illinois' Biometric Information Privacy Act (BIPA). The complaint, filed by LeShawn Evans in the United States District Court for the Northern District of Illinois on June 20, 2024, accuses OTO Development, LLC of unlawfully collecting and storing employees' biometric data without proper consent or disclosure.
According to the complaint, Evans worked at one of OTO's hotels in Chicago and was required to use a fingerprint scan as part of the timekeeping process. This practice, which allegedly did not comply with BIPA's stringent requirements for handling biometric data, has exposed employees to significant privacy risks. "OTO’s unlawful collection, obtainment, storage, and use of its users’ biometric data exposes them to serious and irreversible privacy risks," states the complaint. It highlights that if such sensitive information were compromised through hacking or other breaches, employees would have no means to prevent identity theft or unauthorized tracking.
The Illinois legislature enacted BIPA to protect residents' privacy interests in their biometric data. The law mandates that private entities must inform individuals in writing about the collection and storage of their biometric identifiers, specify the purpose and duration for which the data will be used, obtain written consent from individuals before collecting their data, and establish publicly available retention schedules for destroying this information. Evans alleges that OTO failed on all these fronts. "Plaintiff was never informed in writing that OTO was collecting or storing his biometric information," reads the complaint.
Evans further claims that OTO disclosed employees' biometric information to third-party service providers without obtaining proper consent. This dissemination of sensitive data violates BIPA's provisions designed to safeguard against unauthorized sharing. The lawsuit seeks statutory damages amounting to $5,000 per intentional violation or $1,000 per negligent violation of BIPA. Additionally, it demands actual damages, reasonable attorneys’ fees and costs, and any other relief deemed appropriate by the court.
The case is being handled by attorneys Michael L. Fradin from Skokie, Illinois and James L. Simon from Chagrin Falls, Ohio. The case ID is 1:24-cv-05165.