Illinois Biometric Policy Law Does Not Require Proof of Actual Damages

Attention businesses operating in Illinois: If you use a person’s “biometric” data for things like timekeeping or security, you must have a written policy under which you: (1) obtain written consent, (2) store the data confidentially and (3) destroy the data no later than three years after the last interaction with the person.

If you fail to do so, you face statutory penalties of $1,000 (negligently) or $5,000 (recklessly/intentionally) per person per violation – even if the employee suffered no actual damages (such as identity theft, etc.). You will also be paying the person’s attorneys’ fees and litigation expenses (including expert witnesses).

That was the Illinois Supreme Court’s ruling in Rosenbach v. Six Flags Entm’t Corp., 2019 IL 123186, a case involving an amusement park scanning customer fingerprints for use with entry passes. The park did not obtain consent or provide any information about its use of the fingerprints. The potential damages, based on millions of customers visiting the park each year, are staggering.

It is therefore vital for companies operating in Illinois to understand their obligations when it comes to biometric data.


© Law Exchange International 2020



David Lindgren

Shakespeare House

42 Newmarket Road

Cambridge CB5 8EP

