BENTON – World Wide Technology, facing a claim that it collected biometric information from employees in violation of Illinois law, pleads that the law violates the U.S. Constitution.
Company counsel Lauren Caisman of Chicago filed notice of a constitutional challenge on June 21, in a potential class action at U.S. district court.
Caisman wrote that liquidated damages available under the Biometric Information Privacy Act are grossly excessive.
The law provides $1,000 or actual damages for negligent violation and $5,000 or actual damages for intentional or reckless violation.
Caisman declared the damages disproportionate, “in light of the absence of any actual injury or harm to plaintiff and the putative class members.”
She sent the notice to Brandon Wise of St. Louis, representing plaintiff Connie Young, and to state Attorney General Kwame Raoul.
Earlier this year, all seven Illinois Supreme Court Justices ruled that the Act doesn’t require proof of injury beyond infringement of privacy rights.
They reversed appellate court judges who would have rejected a class action for workers at Six Flags amusement park in Gurnee.
Chief Justice Lloyd Karmeier wrote, “To require individuals to wait until they have sustained some compensable injury beyond violation of their statutory rights before they may seek recourse, as defendants urge, would be completely antithetical to the Act’s preventative and deterrent purposes.”
Legislators passed the Act in 2008, applying it to private entities only.
It covers information based on a biometric identifier, regardless of how an entity captures, converts, stores, or shares it. It also defines biometric identifier as a fingerprint, a voiceprint, or a scan of a face, a hand, a retina, or an iris.
An entity subject to the Act must adopt a policy, available to the public, establishing a schedule for retention and guidelines for destruction, inform subjects of information collection and specify the purpose and obtain releases before collecting information.
No entity may sell, lease, trade, or otherwise profit from the information.
No entity may disclose or disseminate the information without consent unless a law, an ordinance, or a subpoena requires it.
An entity must protect the information using the standard of care in its industry.
An entity must provide at least as much protection for the information as for other sensitive and confidential information.
The Act provides a right of action for damages, attorney fees, and injunctive relief.
Wise filed Young’s suit in Madison County circuit court in March.
The suit claims Young began working for World Wide in Illinois in 2016, and that the company required finger scans for a timekeeping device.
Unlike badges or time cards, scans are unique and permanent.
“This exposes defendant’s employees, including plaintiff, to serious and irreversible privacy risks,” Wise wrote.
He further wrote that if a database is breached, employees have no means to prevent identity theft or unauthorized tracking.
“A person can obtain a new social security number but not a new hand,” he wrote.
He wrote that World Wide didn’t make required disclosures or obtain a release.
The suit alleges that World Wide disclosed data to third party vendors in violation of the Act, and that it lacks retention schedules and destruction guidelines.
Wise moved to certify a class action on May 6, and World Wide removed the action to federal court on May 10.
District Judge Staci Yandle presides, with Magistrate Judge Gilbert Sison responsible for discovery.