Seyfarth Synopsis: BNSF Railway seeks a new trial following the verdict against it in the first ever jury verdict in an Illinois Biometric Information Privacy Act (“BIPA”) class action. BNSF contends that the verdict, which resulted in a court award of $228 million in damages, is unconstitutional and unreasonable given the class members suffered no actual harm.
As a refresher, under BIPA, biometric information is any information “regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.” 740 ILCS §14/10. The Act provides a private entity may not “collect, capture, purchase, receive through trade, or otherwise obtain” this information without informed consent. 740 ILCS §14/15(b). To comply with this state law, companies must provide informed, written consent before the capture, use and storage of biometric information, as well as notices specifying the company’s data collection practices. Damages for each negligent violation can rise to $1,000, with reckless or intentional violations being capped at $5,000.
Last month, a Chicago jury heard the first ever jury trial of a BIPA class action in the case Rogers v. BNSF Railway Company. At issue was whether–and to what degree–BNSF could be held vicariously liable under the BIPA for conduct by a third-party vendor that operated finger scanning technology. Despite BNSF’s argument that the railway’s vendor was the entity that collected the employees’ biometric data (and not the railway), the jury found that the railway was liable for approximately 45,600 reckless or intentional violations. Now, in its motion for a new trial, BNSF argues that the “unprecedented judgment awarding plaintiff and the class a nine-figure windfall despite their admission that they suffered no actual harm was not supported by the evidence at trial.”
While BNSF claims that the ruling is unconstitutional, it also argues that the evidence proposed to the jury was not enough to support a finding of liability. The railway argues that even in the case that there is a finding of liability, any violations would constitute negligence, rather than reckless or intentional violations. Should BNSF successfully argue that its violations were negligent, damages may still be upwards of $45 million.
BNSF also noted the Illinois Supreme Court’s pending decision in Cothron v. White Castle, which will decide whether BIPA claims accrue “each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party, respectively, or only upon the first scan and first transmission.” 20 F.4th 1156, 1167 (7th Cir. 2021). If the Illinois Supreme Court sides with the defendant in White Castle, BNSF argues that the plaintiff’s claim will be dismissed and the class decertified.
Should the Court deny BNSF’s motion for a new trial, the railway previously said it plans to appeal the verdict.
The time is now for employers to conduct internal audits to make sure they are BIPA compliant.
• Obtain a written consent form from individuals if you intend to collect, use, store, or disclose any personal biometric information.
• Notify individuals in writing that the information is being collected or stored and the purpose and length of time for which the biometric identifier will be collected, stored, and used.
• Create and maintain a retention schedule for biometric data retention and guidelines for permanently destroying biometric information.
For more information about the Illinois Biometric Information Privacy Act, and how this development may affect your business, contact the authors, your Seyfarth attorney, or Seyfarth’s Workplace Privacy & Biometrics Practice Group.