Employers Face Costly Lawsuits for Misuse of Biometric Information

Retail giant H&M just became the latest corporation to face liability for allegedly failing to follow legal requirements regulating its use of fingerprint scan time clocks.  A Cook County, Illinois resident is seeking class certification for a lawsuit alleging that H&M failed to abide by the provisions of the Biometric Information Privacy Act between 2012 and 2017.  The plaintiff is seeking an unspecified amount in liquidated monetary damages, costs, attorney’s fees, and further relief.

Illinois passed the Biometric Information Privacy Act (BIPA) in 2008 to regulate the collection and use of biometric information.  Biometric information includes any personally unique physical characteristic used to identify an individual, including fingerprints, hand scans, and retinal scans.  BIPA permits an Illinois resident to sue any entity that collects his or her biometric information without following BIPA’s notice, disclosure, and consent provisions.  Washington and Texas have passed similar laws, and legislation in other states is on the horizon.

H&M is not the only employer to face liability under BIPA.  Current and former employees have filed BIPA claims against Facebook, Google, United Airlines, Snapchat, and Shutterfly.  A grocery store chain and its timeclock manufacturer that used fingerprint-enabled time clocks without following BIPA’s disclosure and consent provisions are currently facing a lawsuit that could cost them up to $10 million in damages.  Large, medium, and small employers are all required to abide by BIPA, and are all at risk of high cost litigation for failing to comply. If you use or are considering using fingerprints, hand scans, or other biometric information to track or identify your employees, consult with myHRcounsel to ensure that you have an up-to-date, legally compliant policy that protects you and your employees.