Executive summary
A decade ago, social media platforms were embracing the latest facial recognition technology for tagging photos and tracking users, largely without consent.
Then came the lawsuits. Today, most tech firms have dumped the technology.
Organizations collect the biometric data of their staff and consumers for many reasons. Thanks to modern technology, it's quick, convenient and completely unique to the individual.
While this innovation provides a range of benefits and efficiencies, it also presents a raft of risk exposures for companies to grapple with. Recent nuclear settlements for breaches of biometric privacy show how costly these can be, with one judgement amounting to $17 billion in damages.
With more US states in the process of adopting the Biometric Information Privacy Act (BIPA), there is anticipation that we will see a steady rise in BIPA breach lawsuits.
Insights
- There are many reasons why organizations collect the biometric data of their staff and consumers, including fingerprints and face scans. It's quick, convenient and unique to the individual.
- A growing number of lawsuits are being filed against companies for poor management of biometric data.
- Although it was enacted in 2008, BIPA is gaining more attention due to the number of class actions it has unleashed in recent years, along with the rising quantum of settlements.
- A recent ruling by the Illinois Supreme Court found that each scan of an employee's fingerprints amounted to a separate violation of BIPA, with penalties potentially reaching $17 billion.
- Inevitably, the rise in BIPA-related lawsuits has resulted in the introduction of liability policy exclusions as carriers seek to protect their balance sheets.
- Businesses from all industry sectors are urged to maintain data security safeguards to protect biometric data from improper access, disclosure or acquisition.
Published December 2023