Millions of mobile phone, bank, and investment customers now use fingerprint readers, eye scans, and voice recognition technologies as security and privacy enhancing technologies. This biometric information can provide more security than a password, however, once biometric data is compromised a person cannot change fingerprints or voice tones like they could a password.
Other businesses also collect this information from customers, employees and others, sometimes without notice, for numerous purposes, such as targeted marketing and security. Vendors and others may even collect, use and provide this information to your business. In both these instances your business could be exposed to substantial financial risks for violating privacy laws.
The European Union, federal government and several states are preparing laws to address private entities’ collection, use and storage of biometric data, but the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 (2008), that regulates the collection, use, safeguarding and storage of biometric identifiers and information by private businesses in Illinois currently imposes the strictest protections and broadest limitations on the collection, use and storage of biometric data in the United States.
The Illinois Supreme Court recently held that even though a plaintiff had no actual damages arising from the business’ violation of the Act by collecting his fingerprints, his civil suit could proceed to seek statutory and other damages as well as to recover his attorney’s fees. Such a ruling often prompts other victims and attorneys to initiate lawsuits. This new interpretation could result in substantial fines for companies that collect or use such information in violation of the Act, and there appears to be no or only limited insurance currently available to cover this risk.
To the extent your business or any of your vendors or contractors collect biometric data, your business could be at serious risk and you should ensure strict compliance with the law. If you have any questions about this ruling, the collection and use of biometric data or how to protect your business, please contact us.
