and News

Home > Blog/News

Illinois Federal Court BIPA Trial Results in $228 Million Judgment

In 2008, the State of Illinois enacted the Biometric Information Privacy Act, 740 ILCS 14 et seq. (“BIPA”). Illinois was one of the first states to enact a law to address and regulate business’s collection of biometric data (Biometrics are unique physical characteristics, such as fingerprints, that can be used for automated recognition.) The use of biometric data in business is now widespread and common, which includes such uses as time management, security access, safety, and wellness programs.

At its core, BIPA contains a comprehensive set of rules for the collection and use of biometric data and has several key features:

  • BIPA requires consent prior to collection of biometric data
  • BIPA contains a limited right to dissemination of biometric data
  • BIPA requires businesses to protect biometric data and contains retention guidelines
  • BIPA allows a private cause of action for individuals
  • BIPA provides statutory damages of $1,000 per negligent violation and $5,000 for each intentional or reckless violation.

For many years, BIPA flew under the radar in Illinois with few lawsuits filed alleging violations of BIPA’s collection and dissemination regulations. All of that changed in 2015, when five similarly situated class action lawsuits were filed against companies, alleging the unlawful collection and use of biometric data. A central question in the BIPA litigation that followed was whether a plaintiff must allege actual injury to recover damages from a BIPA violation. In 2019, the Illinois Supreme Court held that actual harm is not a requirement to recover damages under BIPA. Rosenbach v. Six Flags, 129 N.E.3d 1137 (2019).

On October 12, 2022, in Richard Rogers v. BNSF Railway Company (Case No. 19-cv-2038, N.D. Ill.), a federal court jury in Chicago returned a verdict in favor of the plaintiff in a class action lawsuit against BNSF Railway Company (“BNSF”), finding that BNSF recklessly or intentionally violated BIPA 45,600 times (the “BNSF Case”). The jury found that BNSF violated BIPA by collecting truck drivers’ fingerprints without consent, for identity purposes when entering BNSF rail yards to pick up or drop off loads. Following the jury’s verdict, the court entered judgment against BNSF in the amount of $228 million. The BNSF case is the first BIPA case to go to trial in Illinois.

The BNSF case demonstrates how damages are calculated in BIPA cases and the potential severity of such damages when a company violates BIPA, even when the plaintiff does not demonstrate actual harm.

What does this mean for my business?

BIPA requires all businesses in Illinois to protect biometric data. Under BIPA, a business is required to protect and store all biometric data to the same extent it protects other confidential information (such as SSNs or bank records). Businesses should have a robust BIPA compliance program in place and BIPA compliance programs should be reviewed and updated frequently.

Given the stakes, if you have any questions about BIPA, please contact one of the attorneys at Polales Horton & Leonardi. We have the experience necessary to proactively help businesses implement BIPA compliance programs to avoid BIPA lawsuits and, should the need arise, we have successfully litigated BIPA lawsuits if your business has received notice of an alleged BIPA violation.