More than 100 class actions have been filed by employees alleging they are “aggrieved persons” under the Illinois Biometric Information Privacy Act because their employers used biometric time clocks – such as fingerprint scanners or facial recognition scanners – without explaining the purpose for which the employer collected biometric data or the time period the employer would retain it or without obtaining employees’ written consent to collecting the biometric data. The Biometric Information Privacy Act permits plaintiffs to recover statutory damages of at least $1,000, even when they do not plead or prove actual harm (“Biometric Privacy Case Before Illinois Supreme Court Could Open Litigation Floodgates”).
The Illinois Supreme court will determine whether an individual can obtain statutory damages when the only injury is a violation of the notice-and-consent requirements. The Plaintiffs in many of these cases are seeking statutory damages for each time an employer collected biometric data from each employee without notice or consent. While this interpretation may not be the one accepted by the Illinois Supreme Court, even an award of $1,000 to each employee where there was a violation of the Act could quickly cost employers thousands if not hundreds of thousands of dollars, depending on the number of employees they have.
Some types of statutory violations can be insurable in Illinois. In 2013, the Illinois Supreme Court held that minimum statutory damages prescribed under the Telephone Consumer Protection Act are insurable because they are remedial and not punitive in nature (Standard Mutual v. Lay, 2013 WL 2253203 (Ill. May 23, 2013).) The Telephone Consumer Protection Act (TCPA) prohibits junk faxes – those sent without the recipient’s prior express consent – and provides a private right of action with statutory damages of $500 for each violation. The decision in Lay opened the door to insurance coverage by ruling that statutory damages sought from an insured constitute a loss that may be insurable, depending on the policy language. Violations under the TCPA are similar to those in the Biometric Privacy Act because the wording in both leads to plaintiffs facing similar difficulties in proving actual damages. Under the reasoning in Lay, the Illinois Supreme Court could find that violations under the Biometric Privacy Act are similarly insurable.