The tallest person in recorded history, Robert Pershing Wadlow, stood at 8 ft. 11 inches tall. He happened to be born in Alton, Illinois, just across the border from Missouri. If he were alive today (he died from an infection in 1940), and decided to shop at the Target in his hometown, or any private business, it would be illegal for them to capture, store, or disseminate certain information about him without first taking specific steps to comply with the law in Illinois. Target would have to wait for him to cross the river into St. Louis should they want to scan his hands to preemptively stock his glove size (apparently, his hands were a record 12.5 inches big).
I’m from Illinois, and I’m here to Protect your Biometric Data
What is this law in Illinois? Called the Biometric Information Privacy Act (BIPA), it regulates what kind of biometric information private companies can collect on their consumers and employees, and what they can do with it.
What is considered “Biometric” exactly? It’s actually quite specific. Target could take Wadlow’s height, it could have a scale in the grocery section somewhere to capture his weight, it could also film him perusing the aisles, and it could keep that footage. It could record his written signature if someone at the store wanted an autograph. But if Target started to scan his iris, record his voice signature, or the geometry of his face or hands, they’d be capturing his “Biometric” information and would need to comply with the following:
- They must have a public, written policy for permanently destroying such information.
- They must inform him ahead of time, specifying the length of time such information will be kept (but no longer than 3 years) and for what purpose.
- And, perhaps most importantly, they cannot profit from having such data–it must be treated as confidential.
While this sounds simple enough, compliance has proven a challenge for some of the nation’s largest companies. Class action lawsuits have been filed against the likes of Target, Facebook, and others.
The Hidden Cost of Secret Data
I have a bad idea–let’s use a fingerprint scanner for our employees to use the gate system at our transport company. Last year, a jury found that this system violated the rights of 46,500 drivers at BNSF Railway, requiring the company to pay $228 million in damages. Though the award was later lowered, settling for $75 million, other companies haven’t been so lucky. In 2021, $650 million was what it took for Facebook to settle a class action suit that alleged its facial recognition software–where users are automatically “tagged” in photos uploaded to the platform–violated BIPA. Tiktok parent company ByteDance spent $92 million in part to settle similar claims in 2021. More recently, class actions have been filed against Wingstop who, along with ConverseNow, are alleged to have created a so-called “voiceprint” technology for Illinois customers ordering over the phone. Amazon warehouse workers in Illinois, who were required to clock in and out with a face scan, have also filed a class action against the company, alleging it violated BIPA by failing to inform employees ahead of time, failing to have written policy for the destruction of their biometric information, as well as allegedly sharing the data with third parties.
While things look to be quieting a bit in this area of class action litigation, there is a push to expand BIPA to the rest of the country. In 2020, the National Biometric Information Privacy Act was introduced in the US Senate. If passed, it would make it illegal for private companies to secretly gather, store, or sell biometric data, and it would shrink the holding period of legally collected data from three down to just a single year. For more insights on legal trends and more, subscribe to RapidFunds on LinkedIn. RapidFunds has been providing settlement funding for almost 20 years. We’ve completed over 4,000 transactions and have helped thousands of firms with funding. Stop waiting for your legal fees and contact RapidFunds today.