The Illinois Biometric Information Privacy Act (“BIPA”) regulates the collection and use of biometric data and includes a private right of action as an enforcement mechanism.  This month, a BIPA class action lawsuit was filed against Del Monte Foods, Inc. in the Circuit Court of Cook County, Illinois.  In Metoyer v. Del Monte Foods, Inc., No. 2020CH06697, the plaintiff alleges several violations of the BIPA related to his former employer’s timekeeping practices.  This case reaffirms that employers must ensure that their practices concerning the collection and use of employees’ biometric information comports with BIPA – as employers who fail to do so are finding their practices challenged in court (for CPW’s prior coverage of this issue, see here and here).

At its core, BIPA protects the “biometric information” of Illinois residents, which is any information based on “biometric identifiers” that identifies a specific person—regardless of how it is captured, converted, stored, or shared.  740 ILCS 14/10.  Biometric identifiers are “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.”  Id. (collectively, with “biometric information,” “biometric data”).

Employers are increasing using fingerprint scans for timekeeping purposes (which would fall within the ambit of BIPA).  However, the plaintiff in Metoyer, a former Del Monte Foods employee, alleges that his former employer instead “required that employees have face(s) scanned by a biometric timekeeping device.”  While an employee at Del Monte Foods, the plaintiff alleges that he was required to submit to facial scanning whenever he clocked in and clocked out.

Although the use of facial scans are regulated under BIPA, the plaintiff alleges that Del Monte Foods failed to conform its conduct to the law’s requirements.  This included the following purported deficiencies:

  • Properly inform Plaintiff and others similarly situated in writing of the specific purpose and length of time for which their face scan(s) were being collected, stored, disseminated and used;
  • Provide a publicly available retention schedule and guidelines for permanently destroying Plaintiff’s and other similarly-situated individuals’ face scan(s);
  • Receive a written release from Plaintiff and others similarly situated to collect, store, disseminate or otherwise use their face scan(s); and
  • Obtain consent from Plaintiff and others similarly situated to disclose, redisclose, or otherwise disseminate their biometric identifiers and/or biometric information to a third party.

The complaint pleads three counts against Del Monte Foods under BIPA in regards to these alleged practices.  It also seeks to certify a class consisting of “[a]ll persons who were enrolled in the biometric timekeeping system and subsequently used a biometric timeclock while employed/working for Defendant in Illinois during the applicable statutory period.”

Noting that biometrics are unique, permanent identifies, the complaint alleges that “[n]o amount of time or money can compensate Plaintiff if his biometric data is compromised by the lax procedures through which Defendant captured, stored, used, and disseminated Plaintiff’s and other similarly-situated individuals’ biometrics.”  Notwithstanding the alleged threat of irreparable future harm, the plaintiff additionally demands monetary damages consistent with BIPA’s statutory caps of $5,000 for each intentional and/or reckless violation and $1,000 for each negligent violation and other equitable relief.

Since BIPA’s enactment, the largest number of BIPA lawsuits have been filed against employers that collect their employees’ biometric data for timekeeping purposes.  Additionally, BIPA class actions have also recently been brought against non-employer third parties that manufacture and/or operate such timekeeping systems.  The complaint in Metoyer is consistent with these general trends.  According to the case docket, the litigation is scheduled for case management call on March 10, 2021.  Stay tuned.