Smith Senior Living required employee Cynthia Dixon to clock in and out of work by scanning her fingerprint through a biometric time clock operated by Kronos, Inc. and stored Dixon’s fingerprint in a database.
Smith did not have a policy regarding the collection of employee fingerprints, never informed its employees about the use or retention of the data and routinely disclosed the data to Kronos. Dixon sued Smith and Kronos under the Illinois Biometric Information Privacy Act, which prohibits the unauthorized collection and disclosure of “biometric identifiers,” defined as eye scans, fingerprints, voiceprints and scans of hand and face geometry.
Smith and Kronos argued the claim should be dismissed because Dixon suffered no actual harm from their failure to obtain her consent to store and disclose her fingerprint. The court disagreed.
The court found that, as a result of the transfer of biometric information between Smith and Kronos, the “alleged violation of the right to privacy in and control over one’s biometric data, despite being an intangible injury, is sufficiently concrete” to maintain the lawsuit. Dixon v. Washington & Jane Smith Community, No. 17 C 8033, 2018 WL 2445292 (N.D. Ill. May 31, 2018).
IMPACT: Texas and Washington also have laws regarding the protection of biometric data. Employers in states that collect biometric information should consult an attorney as to best practices.
Rachel L. Schaller and Daniel Saeedi are attorneys at Taft Stettinius & Hollister LLP. To comment, email firstname.lastname@example.org.