In the Illinois Senate, a recently proposed Biometric Information Privacy Act (BIPA) amendment seeks to change how BIPA claims accrue, limiting the amount of damages available in instances where there are multiple violations.
The Cothron decision, which held that BIPA claims accrued each and every time biometrics were collected, transmitted, or stored absent a written release, emboldened plaintiffs to take aggressive positions when pursuing BIPA claims. Since BIPA’s liquidated damage provision provides for recovery of $1,000 to $5,000 per scan even without actual damages, companies operating in Illinois could face millions of dollars in liability even in situations where biometrics were provided voluntarily but before written consent was obtained. [1] The Cothron Court noted that BIPA, as worded, exposed private entities to potentially ruinous damages, but it deferred to legislators to address the issue.
Illinois Sen. William Cunningham, the Senate’s President Pro Tempore, has taken note of the Cothron decision. A proposed amendment, SB2979, if passed, would alter the private right of action provision to provide that in the event of multiple BIPA violations “an aggrieved person is entitled to, at most, one recovery … regardless of the number of times” the violative conduct occurred. [2] This amendment would apply to collecting, receiving, or otherwise transmitting covered biometrics.
Entities defending BIPA cases should withhold excitement for now. Retroactivity is not mentioned in the current version of this proposed amendment. Previous attempted amendments, some of which would have altered the liquidated damages provision or created safe harbors, did not progress past the proposal stage. The legislative process also takes some time, and the proposed amendment would need to survive at least three Illinois General Assembly votes to reach the governor’s desk, including requiring a unanimous vote by the full chamber before needing a third majority vote.
We will continue to monitor legislative and judicial actions around BIPA and will keep you updated. Please reach out to us if you would like to discuss BIPA, compliance strategies, or potential risks.
[1] See BIPA litigation update: Cothron’s impact and employer BIPA defense affirmed
[2] The proposed amendment can be read in full at Illinois-2023-SB2979-Introduced (legiscan.c
About Cybersecurity Bits and Bytes
This blog covers the latest trends and events in cybersecurity law. We’ll provide tips, tricks, and tactics for handling cybersecurity situations, and analysis of recent cybersecurity case law, statutes, and regulations.