Illinois Biometric Privacy Violation Attorneys

Biometric data is any data created by a computer when measuring a person's biology. Fingerprints are one of the most widely recognized biometric measures because they have been used for years by law enforcement, and more recently, to unlock more recent models of iPhone. Like fingerprints, biometric data can be useful as identification when it's unique to each person, permanent and does not require invasive measures to collect.

Modern technology has gone well beyond fingerprints, however. Voice recognition software is capable of responding to anyone, or it can operate only when it recognizes the specific voice it is "trained" for. That technology is now widespread. So is facial recognition technology, which may be able to identify someone in a crowd without that person's active participation, if their face is already in the right database.

The fact that biometric measures are unique to each person and difficult to falsify makes them extremely useful—and not just to law enforcement. Biometric information is already being used for computer security at the consumer level, as a way for owners of smartphones and laptops to log in to their devices.

In addition, biometric data also has many applications in the workplace, starting with the same kind of computer security. For workplaces that require building security, biometric data like facial recognition or fingerprints can also be used to control access to sensitive areas. Employers can use biometric data to keep close track of employees' work time and breaks, as is legally required for some employees. And employers that offer health and wellness plans may request biometric data to measure the results of health changes and reward them as necessary.

Biometric data is extremely personal because it comes from a person's own body. Not every American is comfortable sharing information about their weight, age, or other biological data that isn't relevant to the work or transaction they originally intended to do. Indeed, that kind of information can be the basis of prejudice that leads to unlawful workplace harassment or other negative consequences.

Even those who are comfortable sharing their biometric data in a limited way—say, for access to a special secure area at work—may not be comfortable with leaving it vulnerable to a wider audience, such as their workplace's human relations department. And storing this kind of information invites a risk of hacking, especially because biometric identification is considered so secure that it may not be backed up with any other passwords or security measures.

That leads to another potential problem with biometric privacy: You can't change your fingerprints or your voice or your retinas. That's great for security purposes, but if that data is compromised, you won't be able to change it, and you won't be able to control what "you" do with the information. Since biometric data is considered trustworthy, you could have difficulty convincing authorities that you were hacked.

Finally, biometric data includes information about you that is visible even to a casual observer, such as your face and hands. Already, law enforcement and artificial intelligence researchers can identify faces in a crowd if they have the right information. As technology advances, it may become even easier to collect biometric data without the subject's consent, merely from cameras placed in public places. If you do not entirely trust the government—or the private companies that have an interest in this technology—that is bad news.

Fortunately, the privacy rights of Illinois residents are protected by the Illinois Biometric Privacy Act, which provides a strong remedy for violations. Passed in 2008, it requires companies to get consumers' permission before collecting their information and allows ordinary people to sue companies that fail to get that permission.

The Act defines a "biometric identifier" as:

• A retina or iris scan
• Fingerprint
• Voiceprint
• Scan of hand geometry
• Scan of face geometry

Biometric information is any information based on those identifiers and used to identify an individual, regardless of how it's collected. Private businesses may not obtain biometric information or identifiers unless they:

• Inform the subject (or a representative like a parent) in writing that they're doing it
• Explain the purpose and length of time they will retain it
• Receive a written release of the biometric information from the subject or representative
• Create a written publicly available policy on retaining and destroying the information

They may not sell or otherwise profit from the information, and they may not release it without the subject's written consent unless the disclosure is authorized by law. Businesses are required to protect the biometric information from disclosure, in a way that is at least as strict as the business's protection of other confidential and sensitive information.

Perhaps most importantly, the Illinois Biometric Privacy Act has real teeth, in the form of a right to sue any company that violates the Act. Under an Illinois Supreme Court ruling, Illinois residents do not have to show they were harmed by violations of the Act; merely violating it is an adequate basis for a lawsuit.

If you sue a company for mishandling your private biometric information under the Illinois Biometric Privacy Act, you could stand to recover substantial money. That's because the Act allows you to claim either payment for the actual injuries caused to you or a specified amount of money. That specified amount depends on the company's behavior:

• For a private entity that violates the law through carelessness, $1,000 per violation or actual damages, whichever is greater
• For a private entity that intentionally violates the law, $5,000 per violation or actual damages, whichever is greater

Since these amounts are per violation, they may add up. For example, if a company sells both your fingerprints and your facial recognition data, it has intentionally violated the law two times and could have to pay $10,000 if you prove it in court.

In either case, you can also claim reasonable court costs and attorneys' fees. That means if you win the case, the other side pays for your lawyer. It's an important provision because it puts a lawsuit within financial reach for everyone, even people who didn't start with a lot of money. In that way, it levels the playing field between ordinary people and large companies.

Finally, the law permits you to sue for non-monetary relief, such as a court order forbidding the company from violating your biometric privacy again.