On November 30, the Illinois Supreme Court unanimously ruled that the Biometric Information Privacy Act (BIPA) does not apply to health care workers whose fingerprints are collected, stored, and used to access medication and medical supplies.
Illinois Court Eliminates Another BIPA Defense
This summer, the U.S. District Court for the Southern District of Illinois further bolstered Illinois’ Biometric Information Privacy Act’s (BIPA) nearly unfettered private right of action in Lewis v. Maverick Transportation. In a simple but firm four-page ruling, Judge Rosenstengel denied the defendant’s motion to dismiss, holding that a cause of action under BIPA does not require a plaintiff to plead that data collected is used for identification purposes. The ruling serves to highlight the apparent lack of any real technical defenses to the statute — making it imperative that companies focus on strict compliance before they find themselves in court.
AG Bonta Issues New Investigative Sweep of Mobile Application Companies
On January 27, California Attorney General Rob Bonta announced an “investigative sweep” of businesses with mobile applications for allegedly failing to comply with the California Consumer Privacy Act (CCPA). This ongoing sweep targets popular mobile applications in the retail, travel, and food service industries that fail to offer a mechanism for consumers to opt out of data sales or that fail to process consumer opt-out requests, including requests submitted via an authorized agent like Permission Slip.