The Biometric Information Privacy Act (BIPA), 740 ILCS 14, regulates the collection, use, and storage of biometric data. Homeowners, tenants, and businesses in Illinois are affected by this statute, which aims to protect individuals’ biometric information.
The effective date of BIPA is October 3, 2008, with a key threshold of $1,000 to $5,000 in liquidated damages per violation, as stated in Section 20 of the statute.
Illinois Biometric Privacy Law
Under BIPA, 740 ILCS 14/15, businesses must obtain written consent from individuals before collecting, storing, or using their biometric data, with a 30-day time limit for retention. The statute also requires businesses to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric data, in accordance with the Illinois Administrative Code, 86 Ill. Adm. Code 220.100.
In practice, this means that companies must adhere to the standards outlined in Section 15 of BIPA, which includes providing notice to individuals and obtaining their consent before collecting biometric data, with a minimum $1,000 fine for non-compliance, as stated in Section 20 of the statute.
The Illinois Supreme Court has interpreted BIPA to apply to any business that collects biometric data, regardless of the purpose or intent, with a 5-year statute of limitations, as stated in 735 ILCS 5/13-201.
Biometric Data Collection Requirements
Notice Requirements
Businesses must provide individuals with written notice before collecting biometric data, including the purpose and length of time the data will be stored, with a minimum 30-day notice period, as stated in 740 ILCS 14/15. The notice must also include the retention schedule and guidelines for permanently destroying biometric data, in accordance with the Illinois Administrative Code, 86 Ill. Adm. Code 220.100.
In plain terms, this means that companies must be transparent about their biometric data collection practices, with a $5,000 fine for non-compliance, as stated in Section 20 of the statute.
Consent Requirements
Businesses must obtain written consent from individuals before collecting, storing, or using their biometric data, with a minimum 1-year record retention requirement, as stated in 740 ILCS 14/15. The consent must be specific, informed, and voluntary, with a minimum $1,000 fine for non-compliance, as stated in Section 20 of the statute.
That distinction matters, as it ensures that individuals are aware of the potential risks and benefits associated with biometric data collection, with a 30-day time limit for retention, as stated in Section 15 of BIPA.
Security Requirements
Businesses must implement reasonable security measures to protect biometric data from unauthorized access or disclosure, with a minimum $5,000 fine for non-compliance, as stated in Section 20 of the statute. The security measures must be proportional to the sensitivity of the biometric data, with a 5-year statute of limitations, as stated in 735 ILCS 5/13-201.
This is where the law gets teeth, as it holds businesses accountable for protecting individuals’ sensitive biometric information, with a minimum 30-day notice period, as stated in 740 ILCS 14/15.
Illinois Biometric Data Collection Process
The court with jurisdiction over biometric data collection disputes is the Illinois Circuit Court, with a $10,000 minimum fine for non-compliance, as stated in Section 20 of the statute. The complaint must be filed within 5 years of the alleged violation, with a 30-day time limit for retention, as stated in Section 15 of BIPA.
In practice, this means that individuals must file a complaint with the circuit court, providing notice to the business and alleging a violation of BIPA, with a minimum $1,000 fine for non-compliance, as stated in Section 20 of the statute.
Penalties and Consequences
Businesses that violate BIPA may be liable for liquidated damages of $1,000 to $5,000 per violation, as stated in Section 20 of the statute. The court may also award injunctive relief, with a minimum $5,000 fine for non-compliance, as stated in Section 20 of the statute.
In plain terms, this means that companies that fail to comply with BIPA may face significant financial penalties, with a 5-year statute of limitations, as stated in 735 ILCS 5/13-201.
Comparison to Other States
Illinois is one of the few states with a comprehensive biometric privacy law, with a minimum $1,000 fine for non-compliance, as stated in Section 20 of the statute. California, Texas, and Washington have similar laws, but with different thresholds and penalties, such as California’s $750 minimum fine, as stated in Cal. Civ. Code 1798.100.
In comparison, Illinois’ BIPA has a more stringent notice requirement, with a minimum 30-day notice period, as stated in 740 ILCS 14/15, whereas California’s law requires a minimum 45-day notice period, as stated in Cal. Civ. Code 1798.100.
Practical Steps and Enforcement
Individuals who believe their biometric data has been collected or used without consent may file a complaint with the Illinois Attorney General’s office, with a minimum $1,000 fine for non-compliance, as stated in Section 20 of the statute. The complaint must be filed within 5 years of the alleged violation, with a 30-day time limit for retention, as stated in Section 15 of BIPA.
In practice, this means that individuals must provide notice to the business and allege a violation of BIPA, with a minimum $5,000 fine for non-compliance, as stated in Section 20 of the statute.
Recent Changes and Legislative Status
Recent legislative updates have strengthened BIPA, with a minimum $1,000 fine for non-compliance, as stated in Section 20 of the statute. The Illinois General Assembly has introduced bills to amend BIPA, including HB 5543, which would expand the definition of biometric data, with a minimum $5,000 fine for non-compliance, as stated in Section 20 of the statute.
Looking forward, the future of biometric data collection in Illinois will likely be shaped by ongoing legislative efforts, with a 5-year statute of limitations, as stated in 735 ILCS 5/13-201, and a minimum $1,000 fine for non-compliance, as stated in Section 20 of the statute.
- Office of the Law Revision Counsel. relevant federal statute
- U.S. Courts. federal court procedures
- USA.gov. relevant government resource
