Seventh Circuit Addresses Biometric Information Privacy Act (BIPA) Damage Accrual (US)
Seventh Circuit Addresses Biometric Information Privacy Act (BIPA) Damage Accrual (US)
Publish Date: 2026-06-18 10:34:00
Source Domain: www.employmentlawworldview.com
Many employers collect biometric data like retina or iris scans, voiceprints, hand scans, fingerprints, facial scans and DNA from their employees to track working hours, allow employee admittance to secure areas or provide access to pay stubs, among other reasons. The Illinois Biometric Information Privacy Act (BIPA) was enacted in 2008 to regulate and safeguard how private entities in Illinois handle biometric information, and imposes notice and consent requirements for the collection and storage of such data.
Since 2019, if a covered employer mishandles an individual’s data, BIPA grants the individual a private right of action to sue the company. Importantly, the individual does not need to prove actual financial or physical harm to sue under BIPA. This serves as an important reminder to Illinois employers of their obligations when collecting biometric data from any individual, including potential or current employees. These include:
- Written Informed Consent: Companies must inform individuals in writing about the collection, purpose and duration of the biometric data storage, and must obtain a signed written release.
- Prohibition on Selling or Profiting: Companies may not sell, lease or profit in any way from an individual’s biometric data.
- Data Policies: Companies must develop and publish a written policy regarding retention and data destruction. This policy must be publicly available.
BIPA violations carry steep penalties. Individuals may recover up to $1,000 per negligent violation and up to $5,000 per intentional or reckless violation. For many years, courts counted each individual biometric scan as a separate BIPA violation, leading to very substantial aggregate penalties. For example, in Cothron v. White Castle System, Inc., a class of employees alleged that they scanned their fingerprints to access pay stubs and computers. White Castle used a third-party vendor to verify each scan and authorize the employee’s access. White Castle did not…
![Federal social media bill threatens to undermine privacy rights, alienate youth: critics [audio] – NB Media Co-op](https://nbmediacoop.org/wp-content/uploads/2026/06/SocialMediaBanJun122026.jpg "Federal social media bill threatens to undermine privacy rights, alienate youth: critics [audio] – NB Media Co-op")
