Time theft, especially in an age of booming remote work, is a serious concern for employers.

Time theft’s cost on productivity motivates many companies to explore ways to reduce it.  In a recent case, time theft motivated a company to implement a timekeeping system that clocked employees through their fingerprints instead of the usual badges or employee numbers.  As this case illustrates, however, an attempt to increase productivity by decreasing time theft can quickly lead to bleeding resources into litigation.  Further, in some circumstances, the bleeding can turn into hemorrhaging, such as when a defendant finds itself simultaneously litigating in state and federal court.

In Burlinski v. Top Golf USA, Inc., No. 19-cv-06700, 2020 U.S. Dist. LEXIS 161371 (N.D. Ill. Sep. 3, 2020), the defendant faced a class action lawsuit by former employees over alleged timekeeping practices.  It allegedly required its employees to record their time by scanning their fingerprints.  The defendant’s purpose for using fingerprints in lieu of timecards or unique employee numbers was to prevent time theft by precluding employees from recording time for anyone but themselves.

The plaintiffs were employed in Illinois, which implicated state privacy laws.  Illinois is one of a few states with laws regulating the collection of fingerprints and other biometric data.  A company may be liable under the Illinois Biometric Privacy Act (“BIPA”) if it does not:  (1) maintain a public retention and destruction schedule before collecting biometric data; or (2) acquire written consent prior to collecting biometric data or disclosing such data to third parties.

Procedural trouble began when the defendant removed the suit.  While the district court was evaluating the defendant’s motion to dismiss and the plaintiffs’ motion to remand, the Seventh Circuit issued an opinion that changed everything.  In Bryant v. Compass Grp. USA, Inc., 958 F.3d 617, 624-26 (7th Cir. 2020), the Seventh Circuit ruled on whether district courts had Article III jurisdiction over BIPA claims.  The court found there was jurisdiction over claims alleging that a company failed to obtain written consent prior to collecting biometric data.  The court, however, found there was no jurisdiction over claims alleging a failure to maintain a public retention and destruction schedule prior to collecting biometric data.  In other words, federal courts have jurisdiction over some BIPA claims, but not others.  Burlinski contained both types of claims.

Bryant had an immediate effect in Burlinski.  The court remanded one claim to state court and kept the remaining claims.  The court then rejected the defendant’s arguments to dismiss the removed claims, and the defendant found itself simultaneously litigating in state and federal courts.

To sum it up, Burlinski serves as a reminder for companies to vigorously ensure their own compliance with any applicable privacy statutes.  With many services now turning remote, time theft will likely become only a larger problem.  Before implementing a new timekeeping system, however, companies should recall the tale of Burlinski and its double litigation.