With the ongoing BIPA litigation activity in Illinois surrounding collection of biometrics, it can be easy to forget that other issues might surround this practice. Last month the FTC reminded companies not to forget general privacy and data security concerns. Concerns as most know, it enforces under Section 5 of the FTC Act (which prohibits deception and unfairness).Continue Reading Don’t Forget Deception: FTC and Biometrics

Can unionized employees sue their employers in court for violations of Illinois’ Biometric Information Privacy Act (BIPA)? In a rare victory for BIPA defendants, the Illinois Supreme Court unanimously ruled they cannot.Continue Reading Illinois Supreme Court Finds Federal Law Labor Preempts Union Members’ BIPA Claims

February 2023 was a momentous month for Illinois’ Biometric Information Privacy Act (BIPA). Just two weeks after imposing a 5-year time limit for all BIPA claims, the Illinois Supreme Court resolved another pressing issue. In Cothron v. White Castle System, Inc., the Illinois Supreme Court considered whether a BIPA claim accrues every time a company scans or transmits a person’s biometric identifier (e.g., fingerprint) without consent. In a closely divided 4-3 ruling, the Court answered “yes.” Continue Reading Illinois High Court Rules “Per-Scan” Damages Can Be Awarded Under BIPA

A plaintiff has her fingerprints forever. But she doesn’t have forever to file a lawsuit for improper retention, deletion, collection, or use of her fingerprints. For years, Illinois courts have been perplexed on what statute of limitations applies to different claims under the Illinois Biometric Information Privacy Act (“BIPA”). That left an unanswered question: how long does a plaintiff have to file a BIPA claim before losing it? The Illinois Supreme Court weighed in last week, siding with the plaintiffs’ bar. In Tims v. Black Horse Carriers, Inc., that Court held that plaintiffs have five years to file any BIPA claim.Continue Reading Illinois High Court Allows Biometric Privacy Claims to Go Back Five Years

An Illinois state appellate court’s recent ruling will impact how companies consider compliance with Illinois’ Biometric Information Privacy Act (BIPA). That court ruled companies must have a BIPA-compliant written retention-and-destruction policy in place before collecting and possessing biometric data. The decision makes clear that mere possession of biometric data triggers the duty to develop the necessary written BIPA policy. In relevant part, under BIPA’s section 15(a), companies must establish a written, publicly-available policy that governs their retention and destruction of biometric data.Continue Reading Illinois Appellate Court Weighs in on Biometric Data Policies

The Office of the Australian Information Commissioner issued a determination earlier this fall about 7-Eleven’s use of “faceprints.” The OAIC found the convenience store improperly collected faceprint information without getting individuals’ consent in violation of the Privacy Act.
Continue Reading Australia Objects to 7-Eleven’s In-Store Use of Facial Recognition Technology

California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The information needs to be “reasonably protected.” While many other states have similar “reasonable protection” requirements in their data security laws, California is one of a handful to specifically list genetic information.
Continue Reading California Broadens Security and Breach Laws, Includes Genetic Data

New York City recently enacted a biometric ordinance that is set to come into effect July 9, 2021. With this ordinance, NYC joins other cities (like Portland) in regulating the use of biometric information. The ordinance may impact retailers, restaurants, and entertainment venues in the city that use security cameras with facial-recognition technology or otherwise collect biometric identifiers from their customers.
Continue Reading New York City Biometric Ordinance Effective July 9, Are You Ready?

The Illinois Biometric Information Privacy Act (BIPA) has spawned hundreds of class action lawsuits and a raft of unresolved issues.  A core issue from a litigation perspective—as well as for companies bracing for potential lawsuits—is one of “standing,” and in particular, what BIPA claims can be brought by plaintiffs in what venues.
Continue Reading Beware BIPA Bifurcation: Plaintiffs’ New Gambit to Split BIPA Claims Between State and Federal Courts 

The new acting FTC chair, Rebecca Kelly Slaughter, recently signaled that the FTC may increase enforcement and penalties in the privacy and data security realm. Slaughter pointed to several areas of focus for the FTC this year, which companies will want to keep in mind:
Continue Reading What Is FTC’s Course Under Biden?

Artificial intelligence continues to be a focus and concern for businesses, regulators, and lawmakers alike. As we recently wrote, there was much activity and focus on artificial intelligence and the impact on privacy laws. In addition to legal developments, there have been advancements in AI business technologies by major multinational technology firms, something focused on this post in our sister Intellectual Property Law Blog. There has been an arms race underway by the world’s leading economies to win the estimated $13 Trillion of GDP this field stands to award the winner.  In a recent podcast episode, partners Siraj Husain and Michael P.A. Cohen discuss these developments, risks, and solutions that businesses are experiencing.
Continue Reading What to Watch in Artificial Intelligence in 2021