Over on our sister blog, the Employment Law Letter (you’ve subscribed to that one, right?), my colleague Marc Lombardi has word of a potential $17B penalty for potential violations of the Illinois Biometric Information Privacy Act.
The case arises from the allegations that White Castle required employees to scan their fingerprint in order to access pay stubs and then disclosed those fingerprint images to an external vendor.
As Marc recaps:
BIPA was one of the first state laws to protect biometric information used in business, but many other states, including Connecticut, have followed along.
Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring (the “CTDPA”), which takes effect on July 1, 2023, requires the individual’s consent before collecting or processing sensitive data (including biometric information) in addition to a privacy notice describing how the individual’s personal data (including sensitive biometric information) are used and shared with other parties.
With so much going on in employment law (and this time of year, employers are also typically managing performance reviews, bonuses, etc), it might be easy to overlook this requirement as well. But with the deadline coming up for implementation of the CTDPA, the case serves as an important reminder that employee privacy must remain a priority for employers to consider.
For more information on data privacy issues, you can find some of our earlier posts here.
My thanks to Marc for sharing this important case.