Analyzing BIPA's Financial Institution Exemption

Bloomberg Law Professional Perspectives

Since the Illinois Supreme Court's 2019 decision in Rosenbach v. Six Flags Entm't Corp., 129 N.E.3d 1197 (Ill. 2019)—which held that no actual injury or harm is needed to pursue claims for purported violations of Illinois's draconian biometric privacy statute—litigation under the Illinois Biometric Information Privacy Act has ascended to the top spot as the nation's newest class action trend.

While the wave of BIPA filings has remained constant, the targets of these class action suits has ebbed and flowed over time. Originally focused primarily on employers that use fingerprint biometrics for timekeeping purposes, plaintiffs’ attorneys have branched out by seeking out a wide variety of new targets for this bet-the-company litigation.

Financial institutions have for the first time found themselves in the crosshairs of BIPA class litigation. This has come as a surprise to many, as Illinois’ biometric privacy law provides a complete exemption from compliance with the law for entities that fall under the scope of the Gramm-Leach-Bliley Act (GLBA), which covers the majority of financial institutions in operation today.

This new wrinkle in BIPA class litigation provides several important takeaways for financial institutions that collect and use biometric data in their operations today, as well as other types of entities that find themselves on the receiving end of a class action complaint alleging violations of Illinois’ biometric privacy statute.

To read the full article, please click here.

“Analyzing BIPA's Financial Institution Exemption,” by David J. Oberly was published in the September 2021 edition of Bloomberg Law Professional Perspectives, a publication of The Bureau of National Affairs, Inc. Reprinted with permission.