Illinois Privacy Regulation Compliance for Small to Mid-Sized Companies

November 2, 2022

There is no single method at the federal level for controlling the collection and storage of data. While courts and federal agencies, such as the Federal Trade Commission (FTC), regulate small portions of U.S. data collection, the picture differs at the state level, where several states have passed legislation on the collection, storage, and use of data by data collectors.

Illinois has enacted several data privacy laws, which include the Biometric Information Privacy Act (BIPA). BIPA regulates the collection, disclosure, and destruction of biometric information possessed by private businesses in the state. Biometric information is based on a person’s biometric identifiers, including retina and iris scans, fingerprints, voiceprints, or scans of face or hand geometry. Under state law, no private business can collect a customer’s biometric identifiers or information unless it informs the person in writing of the collection, length of storage, and purpose of the collection. The business must also receive a written release from the individual after the written notice.

BIPA provides a private cause of action against any business that fails to notify individuals of the collection of their biometric information. Potential plaintiffs do not need to allege actual injury in order to bring a private cause of action under BIPA; they only need to allege a violation of their rights under BIPA. While not all businesses are affected by BIPA, it’s important for businesses to be mindful of all information they store. Illinois’ BIPA statute does not contain criteria for an entity to be subject to the law.

If you have questions or concerns regarding Illinois’ data privacy laws and how they may affect you or your business, please contact the qualified attorneys at Rock Fusco & Connelly.