Employers who have personnel in Illinois have been hard hit with class actions in the last few years under the state's biometric data privacy law (BIPA). Until October, none had gone through a full trial to a jury, however. Now, railroad company BNSF has taken a case through trial and lost, to the tune of $228 million in damages. BNSF was sued by a delivery driver who represented a class of 44,000 truck drivers alleging that the rail company illegally scanned their fingerprints (i.e., without proper notice and consent) as part of security measures used when drivers pick up or drop off loads at rail yards. BNSF used a contracted security company to scan and collect fingerprints.
Why It Matters
The jury took just over an hour to deliver its verdict, signaling strong feelings about the violations at issue. The jury assessed statutory damages for 45,000+ willful BIPA violations based on the number of drivers at issue. That in itself is alarming from an employer perspective, and merits a close review of the disclosures made and consents obtained from employees and contractors at Illinois facilities that use fingerprint, retina, or facial recognition scans as part of access controls. In addition, the fact that BNSF is being held liable for the omissions of its contractor suggests that employers should vet their contractor practices carefully and review contracts carefully.