Surge in class-action lawsuits resulting from biometric privacy laws

“Alleged victims can bring suit on the basis of a technical violation alone, and without the need to prove that they suffered actual damages,” warn the authors of Chubb’s report. (Photo: Shutterstock)

If your company is collecting fingerprints, iris scans and voice prints to authenticate employees or customers, make sure you follow a growing number of state biometric privacy laws or you could face significant litigation, according to the Chubb’s latest Cyber InFocus report, “Know the Latest Trends in Cyber Risks.”

The report discusses “a surge” of class-action lawsuits for alleged violations of Illinois’ Biometric Information Privacy Act, which regulates the collection, use, storage and destruction of a person’s biometric identifiers. The 2008 law requires notice before biometric information is collected, limits the sale and disclosure of biometric information, requires reasonable care to safeguard biometric information and prohibits the retention of biometric information beyond the purpose for which it was collected.