Illinois lawmakers have introduced House Bill 559 to add new provisions to the Biometric Information Privacy Act (“BIPA”). However, there is debate over whether the changes would gut BIPA’s power.
BIPA requires private entities to inform persons in writing about the purpose of any biometric information collection, use, or storage. Biometric data includes fingerprint technology, facial feature recognition systems and eye or retina scan systems. Private entities cannot collect, use, or store biometric data without a written release from the person whose biometric information is sought. Entities are also required to create processes for safe return and destruction of biometric information that has been made public.
BIPA empowers Illinoisans with the right to sue private entities for violations of BIPA. Individuals can collect the greater of $1,000 or actual damages for negligently-committed violations, or the greater of $5,000 or actual damages for violations that were recklessly or intentionally committed. Individuals may also seek attorneys’ fees and costs.
The proposed legislation would provide additional parameters for individuals who seek to address a violation. Aggrieved parties would need to provide written notice of any alleged violation to the offending entity, who then has 30 days to remedy the violation before litigation may commence. This notice period, some lawmakers argue, may serve to protect smaller business entities. The legislation also removes the $1,000 and $5,000 minimum damage amounts in favor of reimbursement for actual damages. Intentional or reckless violations would be penalized with actual damages plus liquidated damages. Another additional change is that entities could receive “consent” rather than a “written release” from consumers.
Lawmakers who oppose the Bill argue that BIPA, in its current form, is flexible enough to accommodate future technological changes and applaud the success of BIPA in its current form, which is seen as a nationwide leader in consumer data protection legislation.
The Illinois General Assembly meets from January – May 2021. It is unclear whether this proposal will go to a vote during this term, so businesses should continue to follow the parameters of BIPA when collecting, using, and storing customer data.
If you have any questions regarding the your biometric data collection rights, please contact the attorneys at Rock Fusco & Connelly, LLC.