The Price of Privacy: Benchmark of Suits Settle

Six Flags Parks recent $36 million and ADP’s $25 million settlements to resolve pending class-action suits alleging violations of the Illinois Biometric Information Privacy Act (“BIPA”) related to the collection of fingerprints set a benchmark.

The lawsuit against Six Flags Parks, filed in Lake County, IL, alleges that Six Flags breached BIPA at its Gurnee, IL location by scanning the fingerprints of minors at its entry gates.  The lawsuit against ADP, a technology and service company, was brought by approximately 40,000 employees who alleged BIPA violations by ADP requiring employees to scan their fingerprints to record their arrival and departure times at work.

BIPA requires that a private entity cannot collect, capture, purchase, receive through trade or otherwise obtain a person’s biometric identifier or biometric information without informing the person, in writing, that their biometric identifier is being collected and provides the purpose and storage term for the collection; and, without receiving a written release from the person for such collection.

In 2019, the Illinois Supreme Court held that a plaintiff can seek statutory damages if its rights under BIPA are violated. Thus, the mere collection of fingerprint data without the written informed consent and release required by BIPA is sufficient to confer standing. In a letter to the Chicago Sun Times Editor, the Chicagoland Chamber of Commerce reported that in the approximately 11 years between 2008, when BIPA became law, to the 2019 Illinois Supreme Court ruling, there were 173 class action lawsuits filed. Levin, Jack (President & CEO, Chicagoland Chamber of Commerce). “Letters to the Editor.” Chicago Sun Times, 31 March 2021. In the two years since the Illinois Supreme Court’s ruling in 2019, approximately 1076 BIPA class action lawsuits have been filed. Kelly, Elyse. “Illinois Chamber of Commerce seeks changes to Biometric Information Privacy Act”. The Center Square, 27 March 2021.

BIPA provides for statutory damages of $1000 per negligent violation and $5000 per intentional or willful violation. Don’t let your business pay the price of privacy.  Leech Tishman Fuscaldo & Lampl’s Data Privacy Group counsels clients on preparing for and responding to data, privacy, and cybersecurity challenges. We offer clients a full spectrum of counseling and litigation capabilities, with a focus on privacy, data protection, information security, Internet and computer/cyber law, e-commerce, and consumer protection.

For more information or assistance with reviewing data privacy and cybersecurity policies,  please contact James K. Paulick or Jennifer J. Sackett Pohlenz.

Jim co-leads the Data Privacy Group, part of Leech Tishman’s Corporate Practice Group. He can be reached at 412.261.1600 or jpaulick@leechtishman.com.

Jennifer co-leads the Environmental and Permitting and Zoning Groups. She is also a member of the Employment & Labor Practice Group where she focuses on employment litigation. She can be reached at 630.505.1600 or jpohlenz@leechtishman.com.

Leech Tishman’s Facebook Page: https://www.facebook.com/leechtishman

Leech Tishman’s Twitter: https://twitter.com/LeechTishman

Leech Tishman’s Company Page on LinkedIn: https://www.linkedin.com/company/leech-tishman

Leech Tishman Fuscaldo & Lampl is a full-service law firm dedicated to assisting individuals, businesses, and institutions. Leech Tishman offers legal services in business restructuring & insolvency, corporate matters, employment & labor, estates & trusts, intellectual property, litigation & alternative dispute resolution, and real estate. In addition, the firm offers a wide range of legal services to clients in the aviation & aerospace, cannabis, construction, energy & natural resources, healthcare, and hospitality industries. Headquartered in Pittsburgh, PA, Leech Tishman also has offices in Chicago, Los Angeles, New York, Philadelphia, Sarasota, and Wilmington, DE.