Illinois Biometric Policy Law Does Not Require Proof of Actual Damages

Attention businesses operating in Illinois: If you use a person’s “biometric” data for things like timekeeping or security, you must have a written policy under which you: (1) obtain written consent, (2) store the data confidentially and (3) destroy the data no later than three years after the last interaction with the person.

If you fail to do so, you face statutory penalties of $1,000 (negligently) or $5,000 (recklessly/intentionally) per person per violation – even if the employee suffered no actual damages (such as identity theft, etc.). You will also be paying the person’s attorneys’ fees and litigation expenses (including expert witnesses).

That was the Illinois Supreme Court’s ruling in Rosenbach v. Six Flags Entm’t Corp., 2019 IL 123186, a case involving an amusement park scanning customer fingerprints for use with entry passes. The park did not obtain consent or provide any information about its use of the fingerprints. The potential damages based on millions of customers visiting the park each year is staggering.

It is therefore vital for companies operating in Illinois to understand their obligations when it comes to biometric data.

View entire article here.

0 views0 comments

Recent Posts

See All

Stamp Duty Holiday Extension Announced In Latest Budget

As recently leaked to The Times, the Chancellor Rishi Sunak has today unveiled a temporary extension to the stamp duty holiday as part of his Budget announcements. The holiday was first introduced las

© Law Exchange International 2021

Web Design by

Web and Graphic Design near Grand Rapids


David Lindgren

Shakespeare House

42 Newmarket Road

Cambridge CB5 8EP


Connect with LEI

  • White Facebook Icon
  • White Twitter Icon
  • White LinkedIn Icon

Add on Facebook

Add on Twitter

Add on LinkedIn