Carriers indemnifying Illinois biometric information privacy lawsuits may see reduced settlement amounts following a recent change in state law.
The new legislation, Senate Bill 2979, was signed by Gov. J.B. Pritzker (pictured above) on Aug. 2 and took effect immediately.
Under the previous framework of the Biometric Information Privacy Act (BIPA), each violation was considered separate, allowing plaintiffs to collect damages for each instance their personal information was revealed, according to a report from AM Best.
The newly enacted law changes this approach, limiting plaintiffs to a single recovery for multiple violations by the same entity, treating each instance as a single violation.
The law stipulates that companies found negligent in violating BIPA will face fines of $1,000 or actual damages, whichever is greater. For intentional or reckless violations, the penalties increase to $5,000 or actual damages, whichever is greater.
Biometric data, as defined by the law, includes retina and iris scans, fingerprints, "voiceprints," and scans of hand or face geometry. However, characteristics such as hair color, height, weight, and tattoo descriptions are not classified as biometric data under the statute.
Brooke Kelley, assistant vice president of state government relations at the American Property Casualty Insurance Association (APCIA), noted that the changes to BIPA should alleviate some of the pressures on businesses facing lawsuits under the act.
By capping statutory damages to a single recovery per individual, companies may avoid facing large and disproportionate damages that do not correspond to the alleged harm.
Kelley described the legislative change as a positive step but emphasized that further reforms are needed. These include exemptions for employers who use biometric identifiers or information for specific purposes, such as recording employee work hours, enhancing security, or human resource functions.
The APCIA also supports a proposal for a one-year statute of limitations on BIPA claims.
Illinois became the first state to regulate biometric data in 2008, and several other states and cities have since implemented similar regulations. These laws have raised concerns among carriers due to the potential for large class-action lawsuits and significant settlements.
What are your thoughts on this story? Please feel free to share your comments below.