Biometric privacy losses on the rise: Advisen Data Spotlight

By Rebecca Gainsburg on October 13, 2020

The Trump International Hotel in Chicago is being sued under the Biometric Information Privacy Act (BIPA) for allegedly requiring employees to scan hand or fingerprints when clocking into shifts, according to a Front Page News story.

The class-action lawsuit alleges the hotel failed to provide prior written notice, failed to obtain prior written releases from employees, and failed to have a publicly available retention schedule and destruction guidelines.

In accordance with BIPA, Trump Hotel faces damages of $1,000 per negligent violation and $5,000 for each willful/reckless violation, which could be between $1,000 and $5,000 every time an employee scanned into work for the last two to five years, according to the story.

Following the enactment of the Illinois BIPA in 2008, Advisen has seen a steady increase in losses involving biometrics. From 2008 to 2018 the number of BIPA cases in Advisen’s database rose 300%, although the total number of cases remains low – around 300.

BIPA Losses by Accident Date

While the majority of BIPA cases are confined to Illinois – accounting for 33% of Advisen’s BIPA losses – Advisen’s loss database includes BIPA losses for more than half of all states.

California has the second-highest frequency of BIPA losses at 15% of the total, followed by New York and Texas at 6% and 5%, respectively, according to Advisen data.

Health Care and Social Assistance was the industry that saw the highest frequency of BIPA losses, followed by Professional, Scientific and Technical Services, and Transportation and Warehousing, according to Advisen loss data.

BIPA Losses by Industry


Unauthorized data collection was the leading cause of loss – accounting for 70% of all BIPA-related losses in Advisen’s database. Unauthorized contact, malicious data breaches, fraudulent use and unintentional disclosure accounted for 25% of the remaining losses, collectively.

Getting coverage for BIPA losses can be challenging, as shown in several cases including Westfield Insurance Company v. Pepsi, Harleysville Worcester Insurance Company v. Four Seasons and United States Fire Insurance Company v. Xanitos.

Insurers argued that BIPA violations were not covered due to policy exclusions regarding bodily or personal injury stemming from the “dissemination, disposal, collecting, sending, transmitting, communicating, or distribution of material or information,” according to the lawsuit.

In the case of Harleysville Worcester Insurance v. Four Seasons, insurers also cited exclusions for personal injury stemming from employment-related coercion in response to Four Seasons’ practice of requiring employees to clock in and out with a biometric time-keeping device.

Data Journalist Rebecca Gainsburg can be reached at [email protected].


*Advisen’s loss data is curated from a wide variety of public sources. Our collection efforts focus on larger and more significant cases. For this reason, the figures in this article may not be fully representative of all cases of this type.