Skip to content

Menu

LexBlog, Inc. logo
CommunitySub-MenuPublishersChannelsProductsSub-MenuBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAboutContactResourcesSubscribeSupport
Join
Search
Close

Maryland Joins Growing Number Of States Introducing Biometric Information Privacy Bills With Potential To Spur Class Action Litigation

By Gerald Maatman, Jr. & Thomas E. Ahlering on February 23, 2021
Email this postTweet this postLike this postShare this post on LinkedIn

Cross-posted from Seyfarth’s Workplace Class Action Blog.

Seyfarth Synopsis: Following in the footsteps of New York, Maryland recently introduced a standalone biometric information privacy bill, House Bill 218, that mirrors Illinois’ highly litigious Biometric Information Privacy Act (740 ILCS § 14/1 et seq., “BIPA”) in many respects. Most notably, as presently drafted, Maryland’s proposed bill, like Illinois’ BIPA, provides for a private right of action, statutory penalties, and plaintiffs’ attorneys’ fees – which has spawned thousands of class actions in the Land of Lincoln. If enacted, the Maryland bill would become only the second biometric privacy act in the United States to provide a private right of action and plaintiffs’ attorneys’ fees for successful litigants. This represents a significant development for companies and employers operating in Maryland in light of the explosion of class action litigation that has arisen from Illinois’ BIPA in recent years. Moreover, the recent introduction of such bills in Maryland and New York signal that states are increasingly modeling proposed biometric privacy litigation on Illinois’ BIPA. Employers must take notice and monitor such developments to avoid being subject to a class action lawsuit – particularly as the purposes for utilizing such technology continue to expand.

Details of Maryland’s Proposed Legislation

Like New York’s proposed legislation that mirrors Illinois’ BIPA in many respects which we previously blogged about here, Maryland has proposed a similar bill entitled “Commercial Law – Consumer Protection – Biometric Identifiers and Biometric Information Privacy.”  The proposed law, like Illinois’ BIPA, prohibits private entities from capturing, collecting, or storing a person’s biometrics without first implementing a policy and obtaining written consent, implements standards of care for the handling of biometrics, and prohibits disclosure of biometrics without consent.  Most notably, the proposed bill provides for identical remedies to BIPA, whereas an aggrieved person under the proposed bill will be afforded a private right of action with the ability to recover $1,000 for each negligent violation, $5,000 for each intentional or reckless violation, and reasonable attorneys’ fees and costs.

However, Maryland’s proposed legislation does differ from Illinois’ BIPA in a couple of respects. For example, the definition of “biometric identifiers” is arguably even broader, extending to “data of an individual generated by automatic measurements of that individual’s biological characteristics such as fingerprint, voiceprint, genetic print, retina or iris image, or any other unique biological characteristic that can be used to uniquely authenticate the individual’s identity.” Moreover, the proposed legislation also clarifies that the broader definition of “biometric information,” which includes “any information regardless of how it is captured, converted, stored, or shared based on an individual’s biometric identifier used to identify an individual,” does not include “information derived from an item or a procedure excluded under the definition of a biometric identifier,” such as photographs or information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under HIPAA. Unlike Illinois’ BIPA, the proposed Maryland legislation also clarifies that a policy regarding retention/destruction of biometrics need not be made “publicly available” if the policy “applies only to the employees of the private entity,” and “is used solely for internal company operations.”

Implications For Companies

Companies that are already familiar with the Illinois BIPA are undoubtedly aware of the threats that the proposed Maryland biometric privacy bill poses. While the Illinois BIPA was enacted in 2010, it has seen an explosion in class action litigation over the past few years brought by employees and consumers alleging that their biometric data was improperly collected for timekeeping, security, and consumer transactions. In fact, between 2015 and 2020 alone, there were over 1,000 Illinois BIPA class action complaints filed across the United States, with additional new filings continuing to be initiated every day.

It remains to be seen if Maryland’s biometric privacy bill will pass as drafted. However, if enacted as it is currently drafted, companies in Maryland can also expect to experience an onslaught of biometric privacy litigation. Compliance is key, and there no better time to think about your company’s biometric privacy compliance than right now. Companies with Maryland operations that are utilizing anything that could be considered biometrics, for any reason, should consider audit their practices, policies, and procedures to avoid potentially costly exposure in the event that the bill ultimately passed. Businesses with compliance questions should contact a member of Seyfarth Shaw’s Biometric Privacy Compliance & Litigation Practice Group.

While this proposed bill was only recently introduced, Seyfarth Shaw will provide immediate updates on its progress when available.

Photo of Gerald Maatman, Jr. Gerald Maatman, Jr.

Gerald is a partner in the Wage & Hour Litigation Practice Group in Seyfarth Shaw’s Chicago office. Mr. Maatman has a primary emphasis in his practice on defending employers sued in employment-related class actions and EEOC pattern and practice lawsuits brought in federal…

Gerald is a partner in the Wage & Hour Litigation Practice Group in Seyfarth Shaw’s Chicago office. Mr. Maatman has a primary emphasis in his practice on defending employers sued in employment-related class actions and EEOC pattern and practice lawsuits brought in federal and state courts throughout the United States. Mr. Maatman also pioneered the process of conducting employment practices audits to assist employers in structuring effective and practical personnel policies and protocols. These audits are designed to minimize the incidence of employment-related class action litigation and to maximize management discretion and workplace productivity. Mr. Maatman’s work in this area has been profiled in the Wall Street Journal and Time Magazine.

Read more about Gerald Maatman, Jr.EmailGerald's Linkedin Profile
Show more Show less
  • Posted in:
    Privacy & Data Security
  • Blog:
    The Global Privacy Watch
  • Organization:
    Seyfarth Shaw LLP
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • The FTI Award Journal
  • International Dispute Resolution
  • China Law Update Blog
  • Law of The Ledger
  • Antitrust Law Blog
Copyright © 2022, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo