Millions of mobile phone, bank and investment customers now use fingerprint readers, eye scans, and voice recognition technologies as security and privacy enhancing technologies.  Biometric information can provide more security than a password, however, once biometric data is compromised, a person cannot change fingerprints or voice tones like they could a password.

The Illinois Biometric Information Privacy Act, 740 ILCS 14/1 (2008), regulates the collection, use, safeguarding and storage of biometric identifiers and information by private businesses.  The Illinois law imposes the strictest protections and limits on the use of this information in the United States.

The Illinois Supreme Court recently held that a season pass holder may sue Six Flags theme park regarding its collection of fingerprints, even though the plaintiff there had no actual damages.  An individual need not allege some actual injury beyond the violation of rights to qualify as an ‘aggrieved’ person under the Act.  This newly interpreted legal definition could result in billions of dollars in fines for companies who collect or use such information in violation of the Act.

To the extent your business or any of your vendors or contractors collects biometric data, they could be at serious risk and you should ensure strict compliance with the law.  If you have any questions about this ruling or the collection and use of biometric data, please contact us.