34 Comments - BlueBin - Wednesday, Jun 22, 22 @ 11:20 am: Why even have laws? They just create business for trial lawyers/s - Arsenal - Wednesday, Jun 22, 22 @ 11:22 am: I’m barely surprised that they don’t like it. This is exactly what you want when you buy into the Griffin/Rauner “we must make sure the C-Suite execs are more powerful to attract more corporate HQs” mindset. This is a zero sum game. If you want to make the Rauner class happier, it’s going to come out of your bank account. You first. - watchful eye - Wednesday, Jun 22, 22 @ 11:24 am: If Richard Irvin falls in the woods does it make a noise? - MisterJayEm - Wednesday, Jun 22, 22 @ 11:28 am: “the Illinois Biometric Information Privacy Act, which has inundated business with class-action lawsuits” They could easily avoid those lawsuits by simply doing what I’ve done: obeyed the law. – MrJM - Ducky LaMoore - Wednesday, Jun 22, 22 @ 11:29 am: Imagine that… the people that want to overturn Roe are against privacy. There was a time when Republicans believed in the individual. Those days are over. - One hand //ing - Wednesday, Jun 22, 22 @ 11:32 am: Multibillion dollar companies can’t collect and sell your personal information because…Madigan. Careful now, you may make people like the guy. - JS Mill - Wednesday, Jun 22, 22 @ 11:34 am: = decision to hand policy control to the trial lawyers for decades has taken its toll on the state’s economy= Isn’t Irvin a “trial lawyer”? Self loathing I guess. - Name/Nickname - May soon be required - Wednesday, Jun 22, 22 @ 11:35 am: Short sighted. Something conservatives should be absolutely on board with,call for more regulation of. These two candidates are so, so bad. - Suburban Mom - Wednesday, Jun 22, 22 @ 11:36 am: I work in data privacy and BIPA is *world leading.* All of my colleagues from all over the world know BIPA. Sometimes I work with a someone I haven’t worked with before and when we’re chatting before getting down to business and I say I’m in Chicago, they say, “Oh, that’s Illinois, right? You have BIPA!” We literally have an internal chart listing the strictest data privacy rules for different types of data (we typically try to comply with the strictest rule so we don’t have to run multiple compliance regimes), and for biometric data it’s always, always BIPA. It’s a good law (and I say that from the side of “corporations that have to comply with it”). It’s the world-leading law, and it’s going to be copied all over the world. Smart companies already comply with BIPA (or are preparing to comply with it), so that when the EU comes out with stricter regulations for biometrics, or when the CCPA comes in later this year, they’ll already be in compliance because they’re complying with Illinois. People complaining about BIPA are a) lazy about data privacy; b) using data in predatory ways; or c) have a really bad infosec/compliance regime that thinks the way to deal with data privacy is by complaining about it rather than reorienting their corporate governance towards protecting it. Honestly, any company that’s fighting BIPA is a company that’s unprepared for the slew of data regulations coming online in 2023 and 2024, and the question should be “why should Company have to comply with BIPA?” but rather, “why is Company so unprepared for data privacy, and what is this going to cost shareholders? Does this suggest Company will be proactively withdrawing from the EU and California, or just stumbling through dozens of expensive lawsuits?” Data privacy is a rapidly-growing area; the draft of the proposed federal privacy law that came out a couple weeks ago would require basically every company over $40M revenue to have a Data Protection Officer (basically a C-suite position relating just to data protection). That would create some 60,000 new, federally-mandated DPO jobs in one swoop. If you have kids in college or grad school, tell them to look at data privacy — the field is growing like crazy and there aren’t nearly enough people to do all the jobs. It pays well, too. - Kane County Cougar - Wednesday, Jun 22, 22 @ 11:38 am: MisterJayEM - no, not really. This has affected how some business use fingerprint scan for payroll. Person then leaves - 2-4-6- years later (no statue limitations) and forget hey signed an authorization then sues - attorney seeks others - now you have a class action suit going and expenses to defend. DESPITE NO ONE ALLEGING DAMAGES or their metrics have been compromised…. - Suburban Mom - Wednesday, Jun 22, 22 @ 11:38 am: or, tl;dr: companies that don’t want to comply with BIPA are failing concerns that are unprepared for current regulatory requirements relating to data privacy, let alone what’s coming next. - Pundent - Wednesday, Jun 22, 22 @ 11:39 am: So Irvin and Bailey believe that allowing Illinois citizens to sue organizations when their privacy has been compromised is somehow abusive and unjust and makes the state uncompetitive? - Arsenal - Wednesday, Jun 22, 22 @ 11:40 am: ==This has affected how some business use fingerprint scan for payroll.== They can just not. - Suburban Mom - Wednesday, Jun 22, 22 @ 11:43 am: Oh, dang it, I think my long comment used the banned punctuation. Rich, release me from comment jail (banned punctuation). I have a lot of specific knowledge about this. - MisterJayEm - Wednesday, Jun 22, 22 @ 11:47 am: “forget hey signed an authorization then sues” Seems like the kind of document that a business should hold on to so that they can present it at a preliminary hearing and have that lawsuit dismissed. That’s what I’d do. – MrJM - vern - Wednesday, Jun 22, 22 @ 11:49 am: I don’t understand the argument that BIPA has been bad for the Illinois business climate. I don’t believe any Illinois-based company has been targeted, and none of the companies who have paid out ceased operating in the state. Facebook is still operating in Texas even after their goofy state legislature created a private right of action for content moderation. I’ll take $400 and less racism over $0 and more racism, but to each their own. Facebook certainly doesn’t miss that money. - Arsenal - Wednesday, Jun 22, 22 @ 11:49 am: ==Seems like the kind of document that a business should hold on to so that they can present it at a preliminary hearing and have that lawsuit dismissed.== Or even better, when the lawyer sends the demand letter. - Kane County Cougar - Wednesday, Jun 22, 22 @ 11:50 am: Pundent- that is the point against the way this is written (legislation) Their privacy HAS NOT BEEN compromised and they sue. Perhaps in 2016 your policy wasnt a robust and didnt cover every part of the legislation - despite no damages - no compromised privacy - they can sue. - Streator Curmudgeon - Wednesday, Jun 22, 22 @ 11:57 am: I don’t like the idea of businesses selling my photo for facial recognition. But it strikes me odd that candidates from a party that argues so much about our “rights” being violated would be against the BIPA. On a related matter, I recently had my Illinois driver’s license renewed, and I had to take my eyeglasses off for the photo. Is that for facial recognition purposes by police? - Suburban Mom - Wednesday, Jun 22, 22 @ 11:59 am: ===Perhaps in 2016 your policy wasnt a robust and didnt cover every part of the legislation - despite no damages - no compromised privacy - they can sue. === That’s so weird that that’s what you’re seeing, because in 2021 the 7th Circuit twice dismissed a class action suit for lack of standing because it failed to allege damages. It’s a notice-and-consent regime that requires you to purge data when no longer needed and prohibits you from profiting by selling or renting access to other people’s biometric data. What about that do you feel is overbroad? Especially given that you cannot change your biometric data if it is compromised. It’s not like a credit card number — that keeps being your face, your fingerprint, even if it’s been sold to every criminal on planet earth. That demands a fairly high bar for using and protecting biometric data. - Shark Sandwich - Wednesday, Jun 22, 22 @ 12:13 pm: Suburban Mom deserves a gold medal for her comments today. - Kane County Cougar - Wednesday, Jun 22, 22 @ 12:13 pm: despite 7th circuit - still seeing suits. AGAIN- despite no damages; nothing compromised - even if you find the authorizations and move to dismiss attorney finds a reason do fight - the authorization didnt have the company’s name on it just said THE COMPANY; the authorization was clear; Just asking for statue of limitations; and damages to be able to be sued. The business does have liability if someone’s data / biometric was compromised support those suits. The others are just a money grab and nuisance lawsuits - Lamb - Wednesday, Jun 22, 22 @ 12:20 pm: –I don’t believe any Illinois-based company has been targeted– The reality is that while the “Big Tech” firms have captured all the headlines, it is the SME’s of this state that have had to bear the brunt of these frivolous suits.  Mostly for internal employment violations (i.e. time keeping and security purposes) and not for commercial purposes.  - vern - Wednesday, Jun 22, 22 @ 12:32 pm: === have had to bear the brunt === Will be happy to read any examples or statistics you can share - Thomas Paine - Wednesday, Jun 22, 22 @ 12:39 pm: 1. Republicans don’t believe that Americans should have privacy rights so this tracks. 2. Willing to bet both men signed up to get their checks from the Facebook lawsuit and cashed them, which is completely hypocritical, and also tracks for Republicans’ view of constitutional rights. - Lester Holt’s Mustache - Wednesday, Jun 22, 22 @ 12:48 pm: I would be offended by their stance on this law, if I thought that either of them had any idea what they were actually talking about. This is like trump trying to answer the nuclear triad question during the 2016 primary. My guess is that Bailey and Irvin just started spouting whatever nonsense words that came to mind in the moment, because neither of them are actually familiar with what BIPA says or does. - Roman - Wednesday, Jun 22, 22 @ 1:05 pm: This is a tough call. BIPA provides some vital privacy protections, but the right of action provisions are a bit over the top. As much as I love to see facebook and google pay through the nose, small businesses have been hit pretty hard by settlements in cases where nobody’s information was breached or misused. There’s gotta be a happy medium out there. - Techie - Wednesday, Jun 22, 22 @ 1:25 pm: From a political standpoint alone, being against this law makes no sense. I and many other people I know received almost $400 in a settlement against Facebook for their violation of our privacy as outlined by this law. Telling people you’re against them receiving significant sums of money (during tough economic times, no less) from very wealthy tech companies when they violate your privacy is not a winning political message. - Lamb - Wednesday, Jun 22, 22 @ 2:19 pm: =Will be happy to read any examples or statistics you can share= There have been 900 cases alleging BIPA violations through September 2021. Organizations large and small have been inundated with class actions. Here are just a few: Dabecca Natural Foods, Superior Nut and Candy, Loews Chicago, Superior Health Linens, Superior Ambulance, Millard Group LLC, Pineapple Hospitality Company, ABRA Autobody, ABT Electronics, Caputos, Chicago Lakeshore Hospital, Crate and Barrel, Dial Retirement Communities, East Lake Management, Estates of Hyde Park, Finkl Steel, Grand Victoria, Griffith Foods, Hixon Lumber Supply, Marinos, Mercy Hospital, Northshore University Health System, Parc at Joliet, Pete’s Fresh Market, Smith Senior Living, South Holland Home, Tony’s Fresh Market, University of Chicago Medical Center, and WeatherTech. Sources: Law360, American Bar Association, Institute for Legal Reform, and UofI Law Review - MisterJayEm - Wednesday, Jun 22, 22 @ 2:23 pm: “small businesses have been hit pretty hard by settlements in cases where nobody’s information was breached or misused” Links to a few examples of such cases would strengthen this argument significantly. – MrJM - Oxfordian - Wednesday, Jun 22, 22 @ 3:49 pm: Suburban Mom winning today. Thanks for all the info. Our children will grow to live in a world where identity theft isn’t about the compromise of social security number or your bank account info, but will happen through the theft of biometric data, which cannot be changed. BIPA is a strong tool against that future, and weakening its protections would be the wrong move. - Demoralized - Wednesday, Jun 22, 22 @ 4:34 pm: ==where nobody’s information was breached or misused== Maybe don’t collect it at all? Maybe these companies need to re-evaluate why they need it. - walker - Wednesday, Jun 22, 22 @ 5:21 pm: Another law passed in Illinois that leads the nation in responding to new challenges - ITEngineer - Wednesday, Jun 22, 22 @ 8:29 pm: Just want to add one additional thing to the great post from Suburban Mom. Any company involved with biometrics has some kind of global presence and is already doing this for GDPR. The data protection tools today allow instant application of data protection rules. If your complaining about it it’s because your cheap or lazy. Sorry, comments for this post are now closed.