Latest Post | Last 10 Posts | Archives
Previous Post: Better management, please
Next Post: Study: Illinois’ freight-handling, crossroads transportation hub exposes nearly two million to heightened pollution risks
Posted in:
* Background is here if you need it.
* From the Illinois Biometric Information Privacy Act…
Nothing in this Act shall be construed to conflict with the Private Detective, Private Alarm, Private Security, Fingerprint Vendor, and Locksmith Act of 2004 and the rules promulgated thereunder.
Nothing in this Act shall be construed to apply to a contractor, subcontractor, or agent of a State agency or local unit of government when working for that State agency or local unit of government.
* I received this email on Friday…
Hello Mr. Miller,
Thank you for everything you all are doing over at Capitol Fax. An amendment was just filed on BIPA reform. But, the bill does nothing to protect small fingerprint vendors and locksmiths, who follow the rules to a T and are true stewards/SMEs of the law, from frivolous lawsuits. Fingerprint vendors are vertically integrated throughout the state in healthcare, cannabis, FOID/CCL, gaming, DCFS, etc. See the attached listing of areas where fingerprint vendors are integrated. BIPA is not complicated law at all, but the locksmith Act exemption in BIPA doesn’t really have any teeth. BIPA even has an exemption for subcontractors of government agencies, but you still need to defend against an expensive, frivolous lawsuit. The exemptions are, effectively, rather circular. I think that those who flout the law or are not in compliance should pay a dear price for violating consumers. However, licensed, regulated entities who follow the law should not be subjected to damaging or crippling causes of action brought by nationwide law firms that are frivolously seeking a settlement from Illinois small businesses. […]
I think a “simple” fix would be to amend the Locksmith Act or JCAR rules to allow the “aggrieved” to seek relief through IDFPR or injunctive relief. This way BIPA is not watered down and the locksmith act exemption gains the teeth that the 2008 legislature intended. Again, thank you for your blog and stellar journalism .
* I followed up and asked about what he called “circular” exemptions…
BIPA allows a private right of action. The locksmith act does not provide a private right of action or any consumer relief. BIPA points to the locksmith act and the locksmith act rules point to BIPA. The circular logic is licensees can maintain their IDFPR license, follow all the BIPA rules (written notifications, obtain consent in writing, retention schedule), and still be sued even when the plaintiff/lawyer knows that the rules were followed. It’s a loophole and it’s incredibly damaging to small businesses. While they can be successful in defending themselves in court by showing how they followed the rules, the legal fees and insurance claims are abundant. These matters last months or even years. The IDFPR exemption lawsuit loophole should be closed and I think it can be by giving IDFPR a stake in ensuring BIPA is being conformed to among its licensees. This leaves BIPA intact, as it should be.
* From the original House floor debate in 2008…
Rep. Ryg: Senate Bill 2400 creates the Biometric Information Privacy Act which will be applicable to private entities doing business in Illinois. It sets collection and retention standards while prohibiting the sale of biometric information. It provides exemptions as necessary for hospitals, organ donation efforts, licensed fingerprint vendors working with State Police doing background checks and private subcontractors working for a state or a local unit of government and banks that are covered under Federal Law.
The bill passed the House unanimously. Here’s one reason why…
This Bill is especially important because one of the companies that has been piloted in Illinois, Pay By Touch, is the largest fingerprint scan system in Illinois and they have recently filed for bankruptcy and wholly stopped providing verification services in March of 2008. This pullout leaves thousands of customers from Albertson’s, Cub Foods, Farm Fresh, Jewel Osco, Shell, and Sunflower Market wondering what will become of their biometric and financial data. The California Bankruptcy Court recently approved the sale of their Pay By Touch database. So, we are in very serious need of protections for the citizens of Illinois when it comes to biometric information. I know of no opposition to the legislation and I’ll attempt to answer any questions.
There were no questions.
posted by Rich Miller
Monday, May 22, 23 @ 10:51 am
Sorry, comments are closed at this time.
Previous Post: Better management, please
Next Post: Study: Illinois’ freight-handling, crossroads transportation hub exposes nearly two million to heightened pollution risks
WordPress Mobile Edition available at alexking.org.
powered by WordPress.
–and still be sued even when the plaintiff/lawyer knows that the rules were followed.–
Welcome to the world. Nothing here is unique to BIPA.
In the early days of the internet, it was a popular thing for those same lawyers to go after small businesses/web hosts for ADA violations. That’s what insurance is for. I assure you, your insurance company is not going to settle for millions of dollars if there are no facts to support the claim. They will move for summary judgement based on the lack of any evidence of a violation taking place, and the case will be over.
Even if the BIPA rules were changed as the requestor wanted, there would STILL be these lawsuits filed. Nothing would change regarding the actual frivolity of some lawsuits, because the law isn’t the point - the lawsuit is. All it costs is the filing fee, and if 1 out 10 leads to a default judgment, then it’s a success.
What bothers me with this line of reasoning presented, which seems a continuation from the comments on Friday on this topic, is the purposeful juxtaposition of ‘frivolous’ with all instances. The subtext here is that one of the companies might be caught in violation - and that would destroy them. Well, them’s the breaks for treating the personal biometric data of someone else with recklessness.
Comment by TheInvisibleMan Monday, May 22, 23 @ 11:17 am
===That’s what insurance is for===
That’s the language of the looter.
Comment by Rich Miller Monday, May 22, 23 @ 11:29 am
== That’s what insurance is for. I assure you, your insurance company is not going to settle for millions of dollars if there are no facts to support the claim. They will move for summary judgement based on the lack of any evidence of a violation taking place, and the case will be over. ==
You clearly have no idea how this works. First, insurance doesn’t cover the damages for types of claims. Second, even if your insurance company is cover the costs of litigation, it’s more cost effective to settle than litigate, and insurance companies only care about the bottom line and want to settle. Third, it’s no longer big companies getting hit by BIPA, and the claims aren’t always related to things like facial recognition. There are small businesses now getting hit based on creative interpretations of the definitions, and because there are not definitions in the law and little case law, it’s impossible to win on a motion to dismiss. After that, the plaintiffs paper to death the company and anyone it does business with through the discovery process.
Comment by jacket Monday, May 22, 23 @ 11:43 am
I’ve long thought the solution is for courts to be a LOT more aggressive about sanctioning attorneys who bring frivolous lawsuits.
Comment by Suburban Mom Monday, May 22, 23 @ 11:44 am
–That’s the language of the looter.–
It’s also the language of someone who has dealt with decades of nonsense lawsuits, and understands the necessary evil of insurance in these cases.
No law, short of loser pays, is going to fix frivolous lawsuits. That’s a far larger issue than BIPA, and the solutions presented to ‘fix’ BIPA and the circular IDFPR issue aren’t going to fix the problem being stated.
But lets pretend the requestor gets everything they are asking for enacted in law. How is that going to stop a frivolous lawsuit from being *filed* ? It won’t. Not even a little bit. That’s why they are frivolous. They are hunting for default judgements, not actual cases. But that comes back to the attempt to incorrectly group *all* lawsuits as frivolous, which I think is the real point trying to be made here. The person wants cover just in case they mess up or forget something. E&O insurance isn’t going to cover that, and it still wouldn’t if the specified changes were made to the law. It just removes the licensing penalties from IDFPR, which are much more difficult to maintain in the case of an actual violation compared to simply folding up a LLC into bankruptcy. One follows the person in violation by their name, the other does not.
Comment by TheInvisibleMan Monday, May 22, 23 @ 11:52 am
===TheInvisibleMan===
I don’t think the requestor is asking for the BIPA rules to be changed, at all. I think they are asking to leave BIPA intact and change the Locksmith Act or it’s JCAR rules….
Comment by lloyd Monday, May 22, 23 @ 11:57 am
–it’s more cost effective to settle than litigate–
It’s incredibly amusing to hear a summary judgment with zero evidence to support the claim presented, is going to be more expensive than a million dollar settlement.
I do know how this works. I’ve gone though this. That’s why I specifically pointed out the frivolous lawsuits filed against website owners where the suit attempted to use the ADA as justification for the suit. The goal of frivolous lawsuits is to file a pile of them, and hope a certain percentage of them are ignored by the defendant, leading to a default judgment of the size asked for by the plaintif.
Unless your lawyer is charging 500k per hour, it is not more expensive to litigate in the absence of a violation.
I’ve also beat other cases, where the claimed damages were only in the 10s of thousands of dollars. It was a 10th that cost to litigate it compared to settling. Because the violation claimed did not exist.
Frankly, I don’t think you know how this works. You know who likes to say it costs more to litigate than settle? Police departments. Because they pay the litigation costs, and then they pay the penalty for the wrong they were found to have committed after all the litigation is over.
Comment by TheInvisibleMan Monday, May 22, 23 @ 12:13 pm
@lloyd
You are correct. My apologies if I stated my comments in a way that juxtaposed them as the same thing.
Comment by TheInvisibleMan Monday, May 22, 23 @ 1:06 pm