High-stakes Illinois legal battle centers on privacy, liability issues
The Illinois Supreme Court is deliberating a biometrics lawsuit with far-reaching implications for data privacy and corporate liability. Biometric data encompasses unique biological or behavioral characteristics used for identification. This can include fingerprints, facial scans, and other distinctive physical traits. The case revolves around the alleged violation of the state's Biometric Information Privacy Act by major medical institutions.
The Illinois Supreme Court recently heard oral arguments in two class action lawsuits initiated by suburban nurses, Lucille Mosby and Yana Mazya. They claim that their employers, including Northwestern Medicine and UChicago Medicine, violated the Biometric Information Privacy Act by mandating the use of fingerprint scanners to access medicine cabinets. Additionally, Becton, Dickinson and Co., the manufacturer of these cabinets, is implicated in the lawsuit.
Biometric data encompasses unique biological or behavioral characteristics used for identification. This can include fingerprints, facial scans, and other distinctive physical traits.
The Illinois Supreme Court recently heard oral arguments in two class action lawsuits initiated by suburban nurses, Lucille Mosby and Yana Mazya. They claim that their employers, including Northwestern Medicine and UChicago Medicine, violated the Biometric Information Privacy Act by mandating the use of fingerprint scanners to access medicine cabinets. Additionally, Becton, Dickinson and Co., the manufacturer of these cabinets, is implicated in the lawsuit.
The Biometric Information Privacy Act, enacted in 2008, empowers Illinois residents to take legal action against entities that mishandle biometric data, ensuring stringent protections for individuals' privacy rights. It requires that in order to use biometric data, the individual has to sign a consent that informs them of what data is collected, how it's stored, how it will be used, and how long the data will be kept.
In the current Illinois case, the nurses claim that Northwestern Medicine, UChicago Medicine, and Becton, Dickinson and Co. violated the Biometric Information Privacy Act by mandating fingerprint scanners to access medicine cabinets. Court documents reveal that the hospitals didn't obtain written consent to use the fingerprint data, didn't clarify data storage and destruction procedures, and failed to secure consent for sharing the data with third-party vendors.
However, the defendants' legal representatives argue that using biometrics for medicine cabinet access qualifies for an exemption under the law. They assert that it falls under the category of "health care treatment, payment, or operations" as defined by the federal Health Insurance Portability and Accountability Act (HIPAA).
This lawsuit draws parallels to previous high-profile cases where the misuse of biometric data incurred substantial penalties. Notably, Facebook agreed to a $650 million settlement with Illinois users after allegations of biometric data misuse.
In a decision earlier this year, the llinois ISupreme Court ruled that each instance of requiring employees to use biometric data constituted a separate violation of the law. This interpretation imposes penalties of $1,000 to $5,000 per violation, which could theoretically amass into astronomical sums.
One critical point of contention in this case is the potential impact on the medical community. Defendants argue that applying such hefty penalties to healthcare institutions could have catastrophic consequences.
Comments / 4