Kane County Reporter

Last month Rep. Jeff Keicher (R-Sycamore) filed a pair of bills regarding biometric information collection, which were assigned to the House Judiciary-Civil Committee.

House Bill 3199 was assigned to the committee on Feb. 28 and allows for electronic consent to be considered written and sets rules for what people affected by a violation can act on. The affected person needs to provide written notice within 15 days and point out what part of the act was violated. The bill also notes that if the private entity takes action to cure the violation, no action for damages against the private entity can occur. House Bill 2335 lays out when a collecting entity needs to notify people of biometric information collection.

“If the biometric identifier or biometric information is collected or captured for the same repeated process, the private entity is only required to inform the subject or receive consent during initial collection,” House Bill 2335 reads.

On Feb. 22 Keicher released a statement on his website about how he was concerned that Biometric Information Privacy Act (BIPA) rulings could damage the Illinois job climate. He also announced that he was filing legislation to address these “unintended consequences.”

“It’s no secret Illinois is already one of the most difficult places in the country to start and grow a business,” Keicher said. “The recent decisions by the Illinois Supreme Court concerning our biometric privacy law highlight just how bad the climate is for job creators and why we need to take action quickly to address the unintended consequences.”

He said that in 2008 the state enacted BIPA and the purpose was to protect employees and biometric information including fingerprints and facial recognition, as well as other aspects, from being tracked without consent. He said two rulings by the Illinois Supreme Court showed that there are flaws in the law, opening job creators to “immense financial damages well beyond the intended scope of the law.”

Keicher referred to Cothron vs. White Castle where the court ruled that whenever biometric data is collected without a written release there is a violation, rather than only in the first instance data is collected. White Castle uses a fingerprint time-clock system, which employers commonly use. White Castle faced up to $17 billion in fines, which far exceed the purpose of BIPA. 

Another ruling referred to was Tims vs. Blackhorse Carriers, Inc. in which the court ruled because of ambiguity in BIPA, the five-year statute of limitations applies for filing a lawsuit instead of the one-year allowed through the Illinois Code of Civil Procedure.

Both rulings say that a plaintiff doesn’t need to demonstrate harm was suffered to seek damages.