A packaged food manufacturer is the latest company facing a class action suit under Illinois’ Biometric Information Privacy Act (BIPA).
Peacock Foods is alleged to have violated the law when it collected and stored employee fingerprints in its electronic time tracking system without employees’ written consent. As we have reported previously, BIPA has spawned a wave of class action lawsuits in Illinois as the use of biometrics for secure authorization continues to grow.
The first biometric-specific privacy law in the country, BIPA requires companies that collect biometric data (such as fingerprints, iris scans, and DNA) to obtain written consent from the data subjects and to publicly disclose how the collector will use and store such information. In this case, some Peacock employees allege that the company required employees to scan their fingerprints to clock in and clock out each day, but never explained to employees why the fingerprints were being used, how long the fingerprints would be stored, or how they would ultimately be destroyed. Additionally, the plaintiffs allege that Peacock never asked the employees for their permission.
The case is Alma Diaz et al v. Greencore USA - CPG Partners LLC, in Illinois state court.
TIP: To avoid running afoul of BIPA, companies that use biometrics for authorization purposes should take care to ensure they adequately disclose the scope of such data collection and use to any data subjects, as well as get their (documented) consent to do so.