Isaza Responds to Illinois Supreme Court Ruling on Biometric Privacy
In January, the Illinois Supreme Court ruled an individual does not have to plead an actual injury or harm, apart from the statutory violation itself, in order to sue under the Illinois Biometric Information Privacy Act (BIPA), as reported by Jeffrey Neuburger of Proskauer. The long-awaited decision stems from Rosenbach v. Six Flags Entertainment Corp.
According to Neuberger’s account, because the BIPA statute does not define “aggrieved,” many legal arguments and amicus briefs have tried to influence the Court as to its meaning.
John J. Isaza, Esq, of Rimon P.C., tells ARMA International the issue is not necessarily settled: “Despite the fact that this ruling is by the highest court of the State of Illinois, the issue of damages is far from settled. This ruling directly conflicts with, say, the ruling of the 7th Circuit which held that the term ‘aggrieved’ means there has to be a cognizable injury.”
Neuberger of Proskauer writes that the Court looked to prior Illinois decisions and the “commonly understood and accepted meaning” of the term “aggrieved” in stating that it generally means “suffering from an infringement or denial of legal rights.”
Importantly, the Court also said that BIPA “compliance should not be difficult,” and that the risk to a party’s biometric privacy outweighs any expense a business might incur to comply with the law.
Isaza tells ARMA what he thinks may happen next:
“In the interim, there may be a rush to the courthouse with filings from plaintiffs, including aggrieved employees, who simply need to show a BIPA violation without having to establish actual harm for standing to sue and claim $1,000 to $5,000 per violation.”
The impact on information managers?
“For records and information governance professionals,” says Isaza, “the defense will come down to what data management practices and consent processes are in place to determine if there was a violation of BIPA, and, if so, whether the violation would be deemed negligent or intentional, the latter of which carries the higher penalty.” For a more extensive look at BIPA and the issue of biometric screening vs. privacy, see the Information Management article Understanding Biometrics’ IG Obligations, by Judy Vasek Sitton.
Rapid Resource E-Course: How to Begin the Legal Hold Process for ESI
This first of ARMA’s new series of free Rapid Resource Modules takes key content from the popular ARMA book 7 Steps for Legal Holds of ESI and Other Documents, by John J. Isaza, Esq., and John J. Jablonski, Esq. Specifically, the e-learning module covers steps 1 and 2 in the process.Take The Free Training
Checklist for Properly Managing Your Records In An eDiscovery World
Your quick helpful one-page checklist for properly managing your Records in an eDiscovery world.Download
About the Author
- Information Security (Information Protection)2019.02.04Isaza Responds to Illinois Supreme Court Ruling on Biometric Privacy
- Cloud2019.01.28Dropbox Buys Hello Sign, Adds its Coveted Workflow Capabilities
- News & Analysis2019.01.25Google Is Fined $57 Million, First Major Penalty Under Europe’s Data Privacy Law
- Information Governance2018.12.07Information Governance Body of Knowledge Published