In the recent case of Cothron v. White Castle Systems, the Illinois Supreme Court upheld the state's Biometric Information Privacy Act (BIPA) and allowed for significant fines against companies that violate it. The Court found that if employees’ rights are violated, they are entitled to statutory damages under BIPA, which can range from $1,000 to $5,000 per violation.

 

Associations that collect or use biometric data in Illinois should take note of the ruling and ensure that they are in compliance with BIPA's requirements. If your Association employs staff and is utilizing a timekeeping system that involves the use of biometric data to monitor when employees are working, it may need to seek the consent of the employee to do so under the Illinois Biometric Information Privacy Act (“BIPA”).  

​

BIPA was enacted into Illinois law in 2008, with the intention of protecting individuals’ biometric data, such as fingerprints or face scans. Under this law, employers should obtain the written consent of any employee who may be subject to providing biometric data.  

​

It is not uncommon for Associations to utilize third-party systems that require its staff to provide their fingerprint to clock-in and clock-out as the mechanism to monitor their working-hours. While these systems provide a convenient approach to track employee hours, they may be developed by out-of-state companies that do not consider local state laws such as BIPA. 

​

If your Association does utilize this, or a similar employee time-tracking system, then it is important that Management work with your Association’s legal counsel to: (1) draft and provide a Biometric Information Policy; and (2) obtain the written consent of employees to use their biometric data for timekeeping purposes.  

​

If you believe your Association is utilizing biometric data of its employees in any manner, we encourage you to work with management and legal counsel to obtain the necessary consents as to not violate BIPA.