justice scale justice scale justice scale

McKenna Minutes

“The life of the law has not been logic; it has been experience.”

-Oliver Wendell Holmes, Jr.

Business Law



BIPA Claims May Be Heard In Federal Court

BIPA Claims May Be Heard In Federal Court

-

In a recent decision, the Seventh Circuit Court of Appeals held that a federal district court could hear certain Biometric Information Privacy Act (BIPA) claims. An issue in many BIPA lawsuits specifically, and in many data privacy lawsuits generally, is whether the court has subject matter jurisdiction to hear the case. The issue is usually raised by defendants seeking to dismiss the case; however, in Bryant v. Compass Group USA, Inc. (https://law.justia.com/cases/federal/appellate-courts/ca7/20-1443/20-1443-2020-05-05.html), the Plaintiff claimed that she lacked Article III standing and sought to have the case remanded to state court.

In Bryant, Plaintiff Christine Bryant’s employer installed vending machines owned and operated by Defendant Compass Group. Rather than accept cash, employees had to establish an account using their fingerprint to purchase food from the vending machines. During her orientation, Plaintiff and her co-workers scanned their fingerprints into the vending machine’s system to establish a payment link and create a user account. Bryant claimed that the process of collecting and retaining her fingerprint, and the fingerprints of her co-workers, violated Sections 15(a) and (b) of Illinois’ BIPA. Section 15(a) requires collectors of biometric information make public a retention schedule and guidelines for permanently destroying the biometric information, while Section 15(b) requires that collectors of biometric information obtain informed written consent before biometric information is obtained. Subsequently, Bryant brought a putative class action against Compass in the Circuit Court of Cook County alleging violations of these sections of BIPA.

Compass removed the action to federal court and Bryant moved to remand the action to state court claiming that the district court did not have subject matter jurisdiction because she lacked the concrete injury-in-fact necessary to satisfy the federal requirement for Article III standing. The district court agreed, finding that Compass’s alleged BIPA violations were bare procedural violations that caused no concrete harm to Bryant, and remanded the action to state court.

The Seventh Circuit’s decision reversed the district court, finding that the case was properly removed to federal court. For a plaintiff to have Article III standing, 1) they must have suffered an actual or imminent, concrete and particularized injury-in-fact, 2) there must be a causal connection between the injury and the conduct complained of, and 3) there must be a likelihood that this injury will be redressed by a favorable decision. Only the first prong of this test was at issue in Bryant. In informational injury cases, an injury inflicted by nondisclosure is concrete if the plaintiff establishes that the withholding impaired her ability to use the information in a way the statute envisioned. The Court held that Compass withheld substantive information to which Bryant was entitled and therefore deprived her of the ability to give the informed consent required by Section 15(b). Conversely, the Court held that Bryant had not suffered a concrete and particularized injury as a result of the Section 15(a) violation as this duty to disclose was owed to the public generally and not part of the informed-consent regime.

The Bryant decision provides litigants with the opportunity to decide the most advantageous forum to litigate BIPA claims, as both state and federal court are now available. However, the best strategy continues to be that a collector of biometric information should formulate a plan to comply with BIPA’s requirements prior to the collection of that information. If you have questions regarding litigation or compliance under Illinois’ Biometric Information Privacy Act, or questions regarding privacy and data security generally, contact Tim Hayes at tmhayes@mckenna-law.com


Categories Business Law Data Privacy Employment Law General Litigation Privacy and Data Security Litigation


Understanding Money Damages for Trade Secrets Misappropriation under Federal and Illinois Law

Understanding Money Damages for Trade Secrets Misappropriation under Federal and Illinois Law

-

Both federal law and the Illinois Trade Secrets Act (765 ILCS 1065/et seq.) allow a person to recover money damages caused by the misappropriation of trade secrets. 765 ILCS 1065/4; 18 U.S.C. § 1836. Generally, a “trade secret” is information kept confidential for economically advantageous reasons. See 765 ILCS 1065/4; 18 U.S.C. § 1839(3). Trade secrets often consist of technical or business information, such as, for example, designs, codes, prototypes, procedures, or plans. See 765 ILCS 1065/4; 18 U.S.C. § 1839(3). In some instances, a trade secret may include lists of customers and/or potential customers. 765 ILCS 1065/4.


Categories General Litigation Legal Updates Privacy and Data Security Litigation


Preparing for a Data Breach: Tabletop Exercises

Preparing for a Data Breach: Tabletop Exercises

-

Incident response planning, including tabletop exercises, is vital to the data breach preparedness of any organization. Data breaches can have a crippling effect on a business. Although data breaches at large companies dominate the headlines, data breaches occur at small and medium-sized businesses as well.


Categories Business Services Privacy and Data Security Litigation


What School Officials Need to Know about Student Data Privacy in Illinois

What School Officials Need to Know about Student Data Privacy in Illinois

-

Data breaches have happened, and will continue to happen, to all different types of entities, including private businesses, charities, government offices, and schools.


Categories Privacy and Data Security Litigation


Legislative Update:  South Dakota Enacts Data Breach Notification Law

Legislative Update: South Dakota Enacts Data Breach Notification Law

-

Earlier this year, South Dakota passed the state’s first data breach notification law. Prior to passage of the law, South Dakota was one of only two states that did not have a state data breach notification law. The law went into effect this past July.


Categories Privacy and Data Security Litigation


Recent Litigation Highlights The Need to Understand the Illinois Biometric Privacy Act (BIPA) Requirements

Recent Litigation Highlights The Need to Understand the Illinois Biometric Privacy Act (BIPA) Requirements

-

To avoid what is becoming a common lawsuit, businesses need to be aware of the Illinois Biometric Information Privacy Act (BIPA) requirements. Two class action lawsuits were recently filed in Cook County Circuit Court by employees alleging violations of the BIPA by their respective employers.


Categories Privacy and Data Security Litigation


Aldermen Propose Chicago Data Protection Ordinance

Aldermen Propose Chicago Data Protection Ordinance

-

A data protection ordinance was recently proposed in the City of Chicago. The “Data Collection and Protection Ordinance” (the Ordinance), sponsored by Aldermans Burke, Hopkins and Reilly, is a response to a string of high-profile data breaches that occurred during the past year.

Continue Reading

Categories Privacy and Data Security Litigation


Why There Will Be No Data Breach Notification Letters Following The Facebook-Cambridge Analytica Incident

Why There Will Be No Data Breach Notification Letters Following The Facebook-Cambridge Analytica Incident

-

There are many questions surrounding the actions of Cambridge Analytica and Facebook, including whether this incident is considered a data breach. There has been some debate on this issue.


Categories Privacy and Data Security Litigation


6 Data Security Compliance Lessons from the VTech-FTC Settlement

6 Data Security Compliance Lessons from the VTech-FTC Settlement

-

On January 8, 2018, VTech Electronics Limited (VTech) agreed to settle charges brought by the Federal Trade Commission (FTC) that the company violated U.S. children’s privacy law. As part of the settlement, VTech agreed to pay a $650,000 civil penalty, refrain from further violation of the law, and implement a comprehensive data security compliance program.


Categories Privacy and Data Security Litigation


Appellate Court Affirms Dismissal of Illinois Biometric Information Privacy Act (BIPA) Case

Appellate Court Affirms Dismissal of Illinois Biometric Information Privacy Act (BIPA) Case

-

The U.S. Court of Appeals for the 2nd Circuit recently upheld a district court decision dismissing a putative class action filed by two plaintiffs against the maker of the NBA2K videogame series. The plaintiffs alleged five violations of the Illinois Biometric Information Privacy Act (BIPA). The district court dismissed plaintiffs’ claims for lack of Article III standing, and the plaintiffs appealed.

Continue Reading

Categories Privacy and Data Security Litigation


Here to help with whatever your legal issues may be, schedule your no-obligation consultation or Simply Call us at.
Chicago: (312) 558-3900 or Woodstock: (815) 334-9694

  • Hidden
  • Hidden

Please do not send confidential information via email. The sending of information by you, and the receipt of it by McKenna Storer, is not intended to, and does not create a lawyer-client relationship.

Privacy Policy | Sitemap © 2021 McKenna Storer
Show Buttons
Hide Buttons