Seyfarth Synopsis: The New York state legislature recently introduced a standalone biometric information privacy bill, AB 27, that mirrors Illinois’ Biometric Information Privacy Act (740 ILCS § 14/1 et seq., “BIPA”), which has spawned thousands of class actions in the Land of Lincoln. If enacted, The New York bill would become only the second biometric privacy act in the United States to provide a private right of action and plaintiffs’ attorneys’ fees for successful litigants. This represents a significant development for companies and employers operating in New York in light of the explosion of class action litigation over workplace privacy issues.
Details Of New York’s Proposed Legislation
What can otherwise be characterized as BIPA 2.0, New York proposed and introduced its own “Biometric Privacy Act” on January 6, 2021. New York’s proposed “Biometric Privacy Act” is a carbon copy of the Illinois BIPA, including identical definitions of both biometric identifiers and biometric information. The proposed law prohibits private entities from capturing, collecting, or storing a person’s biometrics without first implementing a policy and obtaining written consent. Most notably, the proposed bill provides for identical remedies to BIPA, whereas an aggrieved person under the proposed bill will be afforded a private right of action with the ability to recover $1,000 for each negligent violation, $5,000 for each intentional or reckless violation, and reasonable attorneys’ fees and costs.
Implications For Companies
Companies that are already familiar with the Illinois BIPA are undoubtedly aware of the risks that the proposed New York biometric privacy bill poses. While the BIPA was enacted in 2010, Illinois has seen an explosion in class action litigation over the past few years brought by employees and consumers alleging that their biometric data was improperly collected for timekeeping, security, and consumer transactions. In fact, between 2015 and 2020 alone, there were over 1,000 Illinois BIPA class action complaints filed across the United States, with additional new filings continuing to be initiated every day.
It remains to be seen if New York’s biometric privacy bill will pass as drafted. However, if enacted as it is currently drafted, companies in New York can also expect to face an onslaught of biometric privacy litigation. Compliance is key, and there no better time to think about your company’s biometric privacy compliance than right now. Companies with New York operations that are utilizing anything that could be considered biometrics, for any reason, should consider audit their practices, policies, and procedures to avoid potentially costly exposure in the event that the bill ultimately passed. Businesses with compliance questions should contact a member of Seyfarth Shaw’s Biometric Privacy Compliance & Litigation Practice Group.
While this proposed bill is only days old, we will provide immediate updates on its progress when available.