A recent decision by an Illinois appellate court analyzed whether employees’ privacy violation claims fall within their employment agreements’ arbitration provision. At issue was an employer’s use of biometric information collected from its employees and the consequences of doing so in a manner that was allegedly inconsistent with applicable law, and whether those claims are subject to arbitration, rather than litigation in a court of law.
The Illinois Biometric Information Act
As the court noted, the Illinois Biometric Information Protection Act was enacted in 2008 to regulate “the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.” The Act further provides that “Biometric identifier” includes “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry”, and that “Biometric information” means “any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.”
Among other things, the Act requires private entities to obtain informed written consent from those that they are collecting information about, provide a written notice explaining the details concerning the collection of biometric information, and requires certain steps be taken when it comes to destroying the data. The Act provides for a private right of action and permits the recovery of the greater of $1,000 or actual damages for negligent violations, or the greater of $5,000 or actual damages for intentional or reckless violations, as well as attorneys’ fees, costs, and expenses.
While it is easy to understand how the employees’ claims concerning the collection, storage, and use of their biometric information would fall under the Act, the hospitality employer believed that the biometric information claim fell within the arbitration provision contained in its employment contracts.
Procedural History & Facts
Employees filed a class action complaint against their employer, alleging that the employer violated the Act in the method of collecting, using, storing and disclosing their biometric data. Specifically, the employees objected to the use of their fingerprints for timekeeping purposes.
In response to the lawsuit, the employer filed a motion to compel arbitration, arguing that the employees signed employment agreements that required the arbitration of four types of employment disputes. The employer argued that the employees’ claims fell squarely within the “wage or hour violation” category identified in the arbitration clause.
The trial court disagreed with the employer. Similarly, on April 9, 2019, the Illinois appellate court affirmed the trial court’s decision, finding that the employees’ claim under the Act does not involve a “wage or hour violation” subject to arbitration.
The court recognized established law holding that parties must arbitrate only those issues they have agreed to arbitrate. The court noted that certain arbitration provisions are “‘generic,’ meaning it is nonspecific in designating what issues should be arbitrated [and] … is characterized by language providing that all claims arising out of or relating to the contract shall be decided by arbitration.” However, the court found that the provision in the contract at issue was narrower, listing four categories that were subject to arbitration.
The court noted that the employees’ claims did not allege that the employer failed to properly pay wages or required employees to work excessive hours such that they would fit within the term “wage and hour violation.” The court found that because the employees allege that their employer violated their privacy rights under the Act by requiring them to provide their fingerprints for timekeeping, the claims did not fall within the scope of the arbitration provision.
Data privacy laws abound. From the Act to the looming California Consumer Privacy Act, business are finding that by partnering with legal counsel to stay abreast of emerging legal issues they can avoid costly mistakes. The Act, and other similar biometric information statutes in other states, require that companies evaluate their methods of collecting, storing, using and sharing biometric information. As a result, businesses are finding that investing in compliance and legal review of existing contracts, including employment and arbitration agreements among others, results in a return that far outweighs the potential costs of having to defend lawsuits, and pay steep penalties and fines. Ultimately the implementation of the required compliance protocols that should have been in place is of paramount importance to mitigate the risk of these exposures.