Although the Illinois Biometric Information Privacy Act has been the law in Illinois since 2008, in the past year, there have been at least 12 class actions filed against employers in Illinois state and federal courts seeking to redress alleged violations of the Act.

With recent advances in technology, the use of biometric data has rapidly become integral to the operation of many companies incorporating the use of biometric data into all facets of their businesses. Examples include the use of fingerprint scans with time-management software, facial recognition scans for marketing purposes, and retina scans to gain access to secured facilities. While the use of these technologies undoubtedly provides companies such benefits as heightened accuracy and security, it also comes with the potential for significant legal liability if not implemented correctly.

The Biometric Information Privacy Act has recently become the source of increased scrutiny by plaintiffs’ attorneys. With liquidated damages ranging from $1,000 for each violation for negligent violations of the Act, to $5,000 for each violation for reckless violations — plus attorneys’ fees and costs — the potential liability for failure to comply with the Act could be catastrophic.

The Act requires companies that collect and use biometric information to obtain a written release prior to collecting such data. The Act also has requirements related to the protection, use, and destruction of biometric information. Although the Act’s requirements are strict, companies can take steps to protect themselves.