Identifying Insurance Coverage for Alleged Violations of the Illinois Biometric Information Privacy Act

Cyber Insurance Alert

PUBLISHED ON: October 2, 2020

Download PDF

In 2008, Illinois passed one of the first biometric privacy laws to take effect in the United States. The Biometric Information Privacy Act1 (BIPA) did more than usher in a new wave of biometric information privacy protections, it also ushered in a wave of class action lawsuits, with plaintiffs seeking to recover damages per the law’s hefty statutory penalties. Companies that collect, store, use or disseminate biometric identifiers or information in Illinois should take stock of their insurance coverage and be aware of potential pitfalls and pressure points in their policies.

Requirements and Rationale of the Biometric Information Privacy Act

The use of biometric technology in day-to-day operations is on the rise. Whether it’s a fingerprint scan to clock in and out of work, or a retinal scan to confirm access to a restricted area, companies in virtually every industry are using and storing individuals’ biometric information.Consequently, more and more companies will face potential exposure
under BIPA and similar legislation in other states, like New York, California, Texas and Washington.

BIPA defines biometric information as “any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.” Biometric identifier means “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” BIPA imposes a number of requirements on private entities possessing biometric identifiers or biometric information, including requirements to:

1. Inform individuals in writing of the specific purpose and length.....