Reforms in 2024 to Illinois’ Biometric Info Privateness Act might have slowed the frequency and severity of litigation, however there stay important penalties for violation of the legislation.
Insurance coverage Journal was in a position to ask professional Jason M. Rosenthal of Chicago-based A lot Legislation some questions on developments within the laws, litigation developments, and greatest practices for firms.
You’ve been talking about and advising firms on the Illinois Biometric Info Privateness Act for fairly a while. In 2025, what’s the single most necessary factor for firms in Illinois to bear in mind?
Compliance. Compliance just isn’t troublesome, however it’s important. Firms want to know the legislation and the necessities for gathering or utilizing biometric data of varied varieties. Simply as non-Illinois firms working in Illinois want to pay attention to BIPA’s necessities, Illinois firms should additionally keep knowledgeable about privateness legal guidelines in different jurisdictions by which they function or in any other case do enterprise.
In 2024, there have been some court docket rulings and new amendments to BIPA. Do any of these legislative modifications apply retroactively? If that’s the case, to what extent will insurance coverage firms be on the hook to pay damages? [This last question is unrelated to the issue of retroactivity]
Whether or not sure modifications apply retroactively continues to be an ongoing subject within the courts. The most important query is whether or not the modification clarifying that repeated biometric knowledge assortment violations represent as a single violation for every plaintiff applies retroactively. Lately, completely different judges have reached completely different conclusions as as to if amendments apply retroactively, and the Illinois Supreme Court docket might finally must determine the difficulty. Moreover, some judges have dominated in a different way on the identical insurance coverage protection points associated to BIPA claims.
Are you anticipating extra, much less or the identical quantity of litigation round these points in 2025?
There has already been a decline within the submitting of BIPA circumstances, and I count on that decline to proceed as extra firms convey themselves into compliance. Most firms now are, or needs to be, conversant in BIPA, and the dangers of non-compliance. That mentioned, statutes just like the Phone Client Safety Act (TCPA) have been in place for many years. This statute ruled the unauthorized sending of blast faxes. Regardless of the large publicity of those circumstances and important penalties of non-compliance, not to mention the downturn in using facsimile machines, TCPA lawsuits are nonetheless sometimes filed. So, we are going to seemingly proceed to see BIPA lawsuits within the years to return.
Do you foresee any main shifts in BIPA litigation within the subsequent 12 months?
I count on that this litigation ought to proceed to subside; until, in fact, plaintiffs’ legal professionals develop new, artistic methods to argue non-compliance and firms fail to take proactive steps to make sure the correct consent paperwork are in place.
Are there any present circumstances you’re monitoring that may have an effect on BIPA litigation and insurance coverage protection?
The query of whether or not the 2024 amendments apply retroactively is at the moment working its manner by means of the courts, with seemingly additional rulings anticipated in 2025. Moreover, litigation might proceed over what constitutes biometric data beneath the statute and whether or not it applies. Most insurance coverage insurance policies now embody categorical exclusions for biometric claims.
What steps can firms in Illinois take to make sure full compliance?
Contact acceptable authorized counsel. It can be crucial not solely to have correct compliance in place, but additionally to know what constitutes biometric data within the first place, and when compliance is critical.
What are some widespread missteps you see firms take that would put them in critical danger?
An enormous misstep is failing to know what constitutes biometric data and when the statute applies. Lots of the unique BIPA circumstances concerned timeclocks, however these circumstances have dramatically decreased. Now, plaintiff-side class-action legal professionals have gotten extra artistic to find purported situations the place firms are gathering or utilizing biometric data, which will not be readily obvious. Thus, firms want to think about whether or not any data they’re utilizing might doubtlessly fall inside the ambit of the statute.
BIPA impacts Illinois firms, however why ought to firms in different states take note of what’s occurring right here?
Regardless of the arguably poor rollout of BIPA, different states are additionally enacting new legal guidelines governing privateness, together with using biometric data. Many firms situated outdoors Illinois however with operations within the state had been caught off guard by the statute making use of to their companies. As increasingly states—and even international locations— privateness legal guidelines, firms should perceive the legal guidelines within the jurisdictions by which they’re doing enterprise. Once more, BIPA applies to firms performing in Illinois, no matter whether or not they’re an Illinois company or whether or not they’re situated right here.
Matters
Lawsuits
Considering Lawsuits?
Get automated alerts for this subject.
