The Illinois Biometric Information Privacy Act (BIPA) is one of the nation’s strictest laws regulating the collection, storage, and use of biometric data (e.g., fingerprints, a scan of hand or facial geometry, voice prints, or retina scans). Today, the Illinois Supreme Court issued a decision in Cothron v. White Castle System, Inc., holding that a claim accrues under Sections 15(b) and (d) each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party.

The decision resolves a long-standing question of whether a plaintiff has a BIPA claim the first time a private entity scans their biometric identifier or for each time a private entity scans a biometric identifier. The Illinois Supreme Court recognized the significant ramifications its ruling has on the exposure companies might face under BIPA, including the potential for astronomical liquidated damages. Still, it explained that “[t]his court has repeatedly recognized the potential for significant damages awards under the Act” and that “the legislature intended to subject private entities who fail to follow the statute’s requirements to substantial potential liability.” The Court left it to the legislature to address “policy-based concerns about potentially excessive damage awards” and “suggest[ed] that the legislature review these policy concerns and make clear its intent regarding the assessment of damages under” BIPA.

Contact Scopelitis Attorneys Greg Feary, Andrew Butcher, or Chip Andrewscavage, Jared Kramer, or Dylan Goetsch for questions about this ruling or issues related to BIPA.