In May, we told you about proposed revisions to the Illinois Biometric Information Privacy Act (“BIPA”) that should provide some welcome relief for defendants. Governor J.B. Pritzker has now signed that reform legislation into law.
With the governor’s signature, Senate Bill 2979 takes effect immediately to clarify that scanning the same information on the same person using the same method constitutes one offense for damages purposes, no matter how many times the scanning occurs. Similarly, disclosure of the same information about the same person to the same recipient using the same method also constitutes one offense. In other words, if a business is repeatedly scanning or disclosing the same information about the same person (such as when an employee clocks in using a fingerprint each day), that is only one violation – not a separate violation each time it occurs. This clarification should have a significant impact on the value of BIPA cases because plaintiffs’ lawyers have pushed for a “per scan” model leading to astronomical damages calculations by them.
The amendment also expands “written release” to include not just informed written consent but also electronic signatures. For a full analysis of the statute and its implications, we suggest a review of our prior blog post. But now that SB 2979 has been enacted, we look forward to its impact on BIPA litigation. Business advocates and defense lawyers have expressed concern that the law doesn’t go far enough, with many businesses still fearing being exposed to the threat of large BIPA liability. And some plaintiffs’ lawyers have confirmed that fear, stating that the amendment will not change how they value BIPA cases. SB 2979 is silent on whether it should be applied retroactively; it remains to be seen how the courts will apply these standards to pending cases.
We’ll continue to track the impact of SB 2979; please keep an eye on this space for further updates.