Hotel Employees Biometric Information Collection and Use Illinois BIPA Class Action

This biometrics class action brings suit against four hotel management companies that have participated in the management of the Hilton Chicago/Oak Brook Hills Resort & Conference Center between 2014 and the present. When these companies hire an employee, they require the person to have their fingerprints or hands scanned by a biometric system used for timekeeping—and the complaint alleges that when they do this, they violate Illinois’s Biometric Information Privacy Act (BIPA).

The class for this action is all individuals working for any of the defendants in this case in Illinois who had their fingerprints or hand geometry collected, captured, received, or otherwise obtained, maintained, stored, or disclosed, during the applicable statutory period.

The defendant companies include Prospera, LLC, Portfolio Hotels & Resorts, Maverick Hotels and Restaurants, and Somnium Hospitality Group, LLC.

Biometrics are not like other identifiers. Common identifiers, like identity card or Social Security numbers, can be replaced if they are stolen and misused. But no one can replace their fingerprints.

The complaint reports that an illegal market for biometric data already exists, and that data thieves have targeted Aadhaar, a large biometric database which contains data on over a billion citizens of India. In the US, a 2015 data breach at the US Office of Personnel Management exposed data of more than 21.5 million people, including some biometric information.

Illinois is one of the few states to have made a start on regulating the collection and use of biometric information with its BIPA law. This is because in the 2000s, many companies were using Illinois, and particularly Chicago, to test ways to use biometrics in common transactions. An important point came when a company called Pay by Touch filed for bankruptcy, because of the concern about what would happen to its extensive library of fingerprint records—whether it would be sold or shared in ways that might expose the subjects to risk.

BIPA requires that private entities that want to take biometric information from people must do certain things:

  • They must inform the subject in writing of the purpose and length of time for which their information was being collected, stored, and used.
  • They must have a publicly-available retention schedule and plans for the permanent destruction of the biometric information collected.
  • They must get a release from the subject to collect, store, and use the biometric information.
  • They must get consent from the subject to disclose, redisclose, or otherwise disseminate the collected biometric information.

According to the complaint, the defendant companies did none of these things when they collected employee biometrics.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Hotel Employees Biometric Information Collection and Use Illinois BIPA Complaint

November 25, 2020

This biometrics class action brings suit against four hotel management companies that have participated in the management of the Hilton Chicago/Oak Brook Hills Resort & Conference Center between 2014 and the present. When these companies hire an employee, they require the person to have their fingerprints or hands scanned by a biometric system used for timekeeping—and the complaint alleges that when they do this, they violate Illinois’s Biometric Information Privacy Act (BIPA).

Hotel Employees Biometric Information Collection and Use Illinois BIPA Complaint

Case Event History

Hotel Employees Biometric Information Collection and Use Illinois BIPA Complaint

November 25, 2020

This biometrics class action brings suit against four hotel management companies that have participated in the management of the Hilton Chicago/Oak Brook Hills Resort & Conference Center between 2014 and the present. When these companies hire an employee, they require the person to have their fingerprints or hands scanned by a biometric system used for timekeeping—and the complaint alleges that when they do this, they violate Illinois’s Biometric Information Privacy Act (BIPA).

Hotel Employees Biometric Information Collection and Use Illinois BIPA Complaint
Tags: BIPA, Biometric Data, Taking/Storing/Using Biometric Data, Your Privacy