Drawing on their deep bench of experience across a number of industry verticals, Polsinelli’s cross-disciplinary National Biometric Privacy Law team is experienced in counseling and representing companies on a wide range of issues related to the collection, storage and usage of biometric data. Our Biometric Privacy team has the experience necessary to help companies of all sizes navigate the increasingly treacherous legal landscape in this rapidly expanding area of law.

Litigation

As multiple states move to enact statutes regulating the use of biometric data, the threat of putative class actions looms large over companies across the country. Polsinelli’s litigators have extensive experience representing companies against claims under these statutes, including successful defense of numerous claims filed under the Illinois Biometric Information Privacy Act (BIPA). Our experience includes representing clients in the following industries:

  • Hospitality
  • Retail
  • Food service
  • Healthcare   
  • Casino/Gaming

As part of our full-picture approach to assessing and defending against biometric privacy claims, our team also counsels clients on their potential recourse against others, such as system vendors and other intermediaries and contractors, as well as other contribution and indemnity rights potentially available to our clients by contract or common law. This includes counseling our clients regarding potential insurance coverage for these claims, as well as potential third-party claims and indemnification from vendors or other sources.

Compliance and Regulatory

Polsinelli’s National Biometric Privacy team also has experience representing information security providers creating and deploying cutting edge biometric identification solutions, and we provide experienced counsel and guidance to clients in all industries to help them ensure their compliance with biometric privacy laws across the United States. Our experience includes:

  • Privacy Policy Development – Developing written privacy policies that address the organization’s practices regarding the handling of biometric data.
  • Release and Consent Preparation – Preparing releases and individual consents to the organization’s biometric data policies and practices, including the use, storage and disclosure of biometric data.
  • M&A Due Diligence – Analyzing the biometric privacy law compliance posture of target companies in the context of M&A due diligence.
  • Vendor Management – Counseling organizations with respect to vendor biometric privacy practices, including drafting contractual language specific to biometric privacy and security requirements.

The Biometric Privacy team regularly counsels clients on these and other issues in connection with the development of comprehensive privacy and security programs that achieve compliance with myriad state, federal and international data privacy laws.

Labor & Employment

Polsinelli’s National Biometric Privacy team also helps clients navigate the developing landscape of biometric and privacy laws related to their workplaces and employees. BIPA and other comparable laws can create unexpected pitfalls as numerous providers offer time management solutions that utilize employee fingerprints, retina scans, and other biometric identifiers. Biometric identifiers can also be used to secure access to physical locations or confidential materials. While these tools can be effective means of tracking productivity and maintaining security, they can also create unforeseen liabilities if not thoughtfully implemented.  

To this end, our Biometric Privacy team helps clients establish policies and procedures to assist employers in technical compliance with applicable law. The team also advises clients on evaluating vendor agreements with an eye towards mitigating risk and ensuring that compliance does not slip through the cracks. When litigation arises, our Labor & Employment attorneys have the deep bench of experience necessary to step in to defend our clients’ interests, while also considering our clients’ business objectives throughout all phases of litigation.

  • Represented a fast food franchisor in Cook County, Illinois, in a class action lawsuit in which the 1,148 class members alleged the franchisor’s automated system of clocking in and clocking out using a thumbprint scanner to unlock point of sales machines was not compliant with BIPA.
  • Currently representing skilled nursing facilities in four BIPA class action lawsuits. Three of the lawsuits were filed in the Illinois Circuit Court in Cook County, and one was filed in DuPage County. In all four cases, the plaintiffs are former employees who allege that the defendants collected their biometric information through the use of timekeeping machines that required a fingerprint or handprints to clock-in and clock-out of work.
  • Serving as oversight counsel in a BIPA class action case pending in Cook County, Illinois filed against a client that hosts facial recognition software enabling security and surveillance personnel to capture images and compare them to pictures already in intelligence databases. The claims in the lawsuit arise out of the provisions of BIPA that govern retaining biometric information, disclosure to employees and the disclosure of biometric information to third-parties.