The plaintiffs' class action bar has shifted its focus to biometric privacy class actions. To minimize their risk, businesses must implement heightened awareness of the current and anticipated laws, be aware of the technical requirements, be vigilant with respect to compliance, and be aggressive in defending against litigation.

The number of biometric privacy class actions continues to skyrocket, with the decade-old Illinois Biometric Information Privacy Act (BIPA) continuing to pose the greatest threat to companies. While BIPA remains the only biometrics legislation that provides for a private right of action, five other states (Texas, Washington, California, New York, and Arkansas) have now passed their own biometric statutes or expanded existing laws to include biometric identifiers. These five states, however, either do not address the private right of action or expressly allow enforcement by the state attorneys general.

Illinois Remains the Leader in the Biometric Privacy Arena

The Illinois Biometric Information Privacy Act (BIPA) is the first and the oldest biometric regulation in the United States. Enacted in 2008, it regulates the collection and storage of biometric information. Biometric information includes a wide variety of identifiers such as retina scans, iris scans, fingerprints, palm prints, voice recognition, facial-geometry recognition, DNA recognition, gait recognition, and even scent recognition.

Although biometric laws broadly apply to all industries and regulate private entities and individuals, compliance issues most frequently arise in the HR and employment context. Many U.S. employers have recently begun to utilize the employees' biometric information to monitor when their workers clock in and out, or to restrict access to secure areas, to provide system login and regulate online access to sensitive data, and even to monitor productivity tracking and ergonomic tracking. While convenient, highly accurate, and efficient, use of biometric technology at work brings about a slew of legal and regulatory-compliance issues.