Illinois Lawmakers Grapple With Risks Posed By Harvesting Data From Wearable Devices

A bill introduced in the Illinois House, HB 3024, would amend Illinois’ Biometric Information Privacy Act (BIPA or the Act) to expand the law to cover EKG results from wearable devices, such as smartwatches.

Passed in 2008, BIPA originally was enacted to address technologies that rely upon fingerprints, retina scans and other “biometric identifiers” for time clocks and security access. The Act prohibits businesses from collecting, storing or using biometric identifier information without the following: written policies, written notice to those from whom they collect the information, protocols to protect the information, and special disclosures if the information is shared with third parties.

Non-compliance is expensive: BIPA’s damages remedy is $1,000 for each negligent violation and $5,000 for each intentional violation, per person.

A recent uptick in BIPA class actions, among other things, has highlighted to policymakers that many employers, regardless of size, often don’t realize the need to safeguard workers from the risks of privacy breaches and discrimination posed by tracking and collection of biometric and health data.

Wearable devices like smart watches, which track everything from GPS data to heart rate, sleep patterns, hydration and glucose levels, create a range of privacy, wage and hour and disability discrimination risks. Yet, employers increasingly seek to track this data for a variety of business-related purposes, including keeping an eye on employee productivity, monitoring employees’ whereabouts and promoting wellness initiatives. And the trend will likely accelerate, as Forbes predicts the wearables market will double in size over the next 2 years.

Therefore, employers considering tracking wearable data should take these steps now:

  • With a lawyer’s help, provide notice to employees when their wearable data will be monitored, stored and destroyed, and evaluate the safeguards of their storage practices, as required by applicable privacy and breach notification laws.
  • Suspend geolocation and other monitoring of employees when they are off premises and off duty.
  • Make sure any monitoring or use of employees’ health information complies with the Americans with Disabilities Act (ADA) rules for medical examinations and inquiries.
  • Monitor legislation at the federal, state and local levels for additional legislation. As we previously reported here Illinois is in the vanguard of states when it comes to regulating employers’ fast-evolving use of technology in the workplace.

The full text of HB 3024 can be viewed here.

The status of the bill can be tracked here.

Never miss an update from Savine Employment Law, Ltd! Subscribe to our blog by clicking the feed icon next to our social icons. You must have a feed reader installed on your browser. We like feedly. Or, join the conversation on social media through our presence on LinkedIN, Facebook and Twitter.

Gary Savine is an Illinois employment lawyer and founder of Savine Employment Law, Ltd. in Chicago. Gary regularly advises human resources professionals on recently enacted employment laws.