In 2008, Illinois enacted the Biometric Information Privacy Act (BIPA), the first state statute to regulate businesses’ use of biometric identifiers and biometric information (BII). 740 Ill. Comp. Stat. Ann. 14/1, et seq. BIPA generally requires private entities to (1) make their data retention policies publicly available; (2) give notice and receive consent before obtaining BII; (3) refrain from selling BII to third parties; (4) refrain from disseminating BII without prior written consent, absent certain exceptions; and (5) handle BII with reasonable care. The statute creates a private right of action and authorizes statutory damages up to $5,000 per violation, or actual damages, whichever is greater.
Originally published in Privacy & Security Law Report, 16 PVLR 620 - May 1st, 2017.
Please see full publication below for more information.