Biometric data. Credit: HQuality/Shutterstock.com
Recently, a Chicago federal jury awarded $228 million in damages to a class of truck drivers based upon the defendants’ alleged violation of Illinois’ Biometric Information Privacy Act (BIPA), which strictly confines an organization’s ability to use, sell or disclose biometric information without an individual’s express consent. See Rogers v. BNSF Railway Company, No. 19-cv-3083 (N.D. Ill. Oct. 12, 2022). Although BIPA has been in existence since 2008, Rogers is the first BIPA case that has gone to a jury verdict. Biometric data includes any data capturing physical characteristics that can be used to identify a particular person, including a fingerprint, iris scan or voice print, and has become embedded in the regular course of business.
Because of the growing use of biometrics by companies, many lawmakers are now focused on regulating how companies handle such data, and some jurisdictions now permit private rights of action to police companies. This can result in significant penalties for companies that are not in compliance, as was the case in Rogers. Due to the increasing focus on biometric litigation, this article provides an overview of BIPA as well as existing and proposed New York law regulating biometric information.
