The Sygma Network, Inc. requires that its employees scan their fingerprints for timekeeping purposes. The complaint for this class action alleges that Sygma also collected, stored, and used the fingerprints of its employees in Illinois without fulfilling the requirements of an Illinois law, the Biometric Information Privacy Act (BIPA).
The class for this action is all individuals who work for Sygma in Illinois who had their biometric identifiers or information collected, captured, or otherwise obtained, maintained, stored, or disclosed by Sygma during the applicable statutory period.
The collection, storage, and use of biometrics pose “serious and irreversible privacy risks” for people the complaint alleges. If, for example, an employee ID badge is lost or stolen, the person can have the badge canceled and can get another one with a different number. But if a set of fingerprints are stolen, the person cannot cancel their fingers and get a new set of prints.
Once biometrics are stolen, people have no means of preventing their use for identity theft, unauthorized tracking, or other improper or unauthorized purposes.
Hackers have already begun stealing biometrics, for example in the 2015 data breach at the United States Office of Personnel Management, which exposed the biometrics of more than 21.5 million federal employees, contractors, and job applicants. They also have attacked Aadhaar, the world’s largest biometric database, and Suprema, a security company that uses fingerprints and facial scans at more than 1.5 million locations around the world.
Illinois passed BIPA to begin to regulate the collection, storage, and use of biometrics for the people in that state. The complaint alleges that Sygma violated BIPA because it failed to do a number of things:
- It failed to inform employee in writing of the specific purpose and length of time for which their fingerprints would be collected, stored, and used.
- It failed to provide a publicly-available retention schedule and guidelines for eventually permanently destroying the fingerprints it collected.
- It failed to get a written release from employees before collecting, storing, or using their fingerprints.
- It failed to get their employees’ consent to disclose or share their fingerprints with other parties.
The complaint therefore alleges that Sygma has violated BIPA. It asks the court for an order declaring the company has violated the law, requiring it to stop the unlawful activities, and awarding damages to the Illinois employees whose rights have been violated.
Under the law, persons whose rights have been violated may recover $1,000 or actual damages, whichever is greater, for each negligent violation, and $5,000 or actual damages, whichever is greater, for each intentional or reckless violation.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Sygma Network Taking of Fingerprints BIPA Illinois Complaint
March 25, 2022
The Sygma Network, Inc. requires that its employees scan their fingerprints for timekeeping purposes. The complaint for this class action alleges that Sygma also collected, stored, and used the fingerprints of its employees in Illinois without fulfilling the requirements of an Illinois law, the Biometric Information Privacy Act (BIPA).
Sygma Network Taking of Fingerprints BIPA Illinois ComplaintCase Event History
Sygma Network Taking of Fingerprints BIPA Illinois Complaint
March 25, 2022
The Sygma Network, Inc. requires that its employees scan their fingerprints for timekeeping purposes. The complaint for this class action alleges that Sygma also collected, stored, and used the fingerprints of its employees in Illinois without fulfilling the requirements of an Illinois law, the Biometric Information Privacy Act (BIPA).
Sygma Network Taking of Fingerprints BIPA Illinois Complaint