Isaza Responds to Illinois Supreme Court Ruling on Biometric Privacy
In January, the Illinois Supreme Court ruled an individual does not have to plead an actual injury or harm, apart from the statutory violation itself, in order to sue under the Illinois Biometric Information Privacy Act (BIPA), as reported by Jeffrey Neuburger of Proskauer. The long-awaited decision stems from Rosenbach v. Six Flags Entertainment Corp.
According to Neuberger’s account, because the BIPA statute does not define “aggrieved,” many legal arguments and amicus briefs have tried to influence the Court as to its meaning.
John J. Isaza, Esq, of Rimon P.C., tells ARMA International the issue is not necessarily settled: “Despite the fact that this ruling is by the highest court of the State of Illinois, the issue of damages is far from settled. This ruling directly conflicts with, say, the ruling of the 7th Circuit which held that the term ‘aggrieved’ means there has to be a cognizable injury.”
Neuberger of Proskauer writes that the Court looked to prior Illinois decisions and the “commonly understood and accepted meaning” of the term “aggrieved” in stating that it generally means “suffering from an infringement or denial of legal rights.”
Importantly, the Court also said that BIPA “compliance should not be difficult,” and that the risk to a party’s biometric privacy outweighs any expense a business might incur to comply with the law.
Isaza tells ARMA what he thinks may happen next:
“In the interim, there may be a rush to the courthouse with filings from plaintiffs, including aggrieved employees, who simply need to show a BIPA violation without having to establish actual harm for standing to sue and claim $1,000 to $5,000 per violation.”
The impact on information managers?
“For records and information governance professionals,” says Isaza, “the defense will come down to what data management practices and consent processes are in place to determine if there was a violation of BIPA, and, if so, whether the violation would be deemed negligent or intentional, the latter of which carries the higher penalty.” For a more extensive look at BIPA and the issue of biometric screening vs. privacy, see the Information Management article Understanding Biometrics’ IG Obligations, by Judy Vasek Sitton.
Download the PDF version of this article.
-->Download the ARMA Magazine 2019, Volume 01 (which includes this article).