March 20, 2023

The Illinois Supreme Court has clarified how Biometric Information Privacy Act (BIPA) violations accrue. As such, violation claims will accrue whenever a biometric identifier is collected and disclosed illegally. BIPA regulates collecting, handling, safeguarding, storing, retaining, and destroying biometric identifiers. An example of such identifiers includes fingerprints. It took effect in 2008.

In a 4-3 opinion, the Court found that the employer had to collect an employee’s fingerprints with each scan to complete the fingerprint identification process. Based on this decision, the employer could not entirely avoid the allegations of repeated BIPA violations. This ruling could increase the number of court cases concerning this issue.

Additionally, the Illinois General Assembly has filed another Bill, HB 1230. If the Bill passes, it will amend BIPA by providing an exemption for healthcare employers. This exemption would protect them from the numerous BIPA lawsuits filed in the past. Illinois law does not require healthcare organizations to conduct fingerprint-based background checks on their employees. Because healthcare organizations can maintain their employees’ records on file, they have become vulnerable to BIPA lawsuits.

Though BIPA provides an exception for the healthcare industry, a ruling by the Illinois Supreme Court in 2022 clarified what that exception covers. For example, the patient data exemption does not protect employee data. However, HB 1230 passing would provide protections for healthcare employers by narrowing the scope of BIPA. For example, healthcare employers conducting fingerprint-based background checks under the Health Care Worker Background Check Act (HCWBCA) would become exempt from BIPA regulations. 

However, it would only apply if the employer processes the employee biometric data for employment or fraud prevention. The employer must also keep a documented process that deletes the biometric data. According to the Bill, healthcare employers would include many healthcare organizations. Examples include nurse agencies, community living facilities, owners or licensees of hospitals, home services agencies, and hospice care programs. 

Currently, Texas, Illinois, and Washington are the only states with active biometric privacy laws. Also, Illinois is the only state at this time with a biometric privacy law that gives consumers a private right of action. In addition, eight other states have started considering biometric privacy bills that would grant consumers a private right of action.

HB 1230’s future remains uncertain today, but should it pass, it would provide needed protections for healthcare employers. This Bill could help prevent future lawsuits related to required fingerprint-based background checks. Regardless of its passing, employers must maintain a documented process that will delete employee biometric data.

Keep your business up to date on new laws and regulations with Pre-employ’s free news resources. Contact a sales rep today.

Source