A housekeeper at a Chicago-area Marriott claims the hotel’s operators have unlawfully scanned workers’ fingerprints without first providing statutory disclosures or obtaining consent to collect the individuals’ biometric information.
The lawsuit alleges defendants NexGen Hotels Management and Genuine Hospitality, who partnered to open the TownePlace Suites by Marriott in Waukegan, Illinois in August 2019, have run afoul of the state’s Biometric Information Privacy Act (BIPA), a law enacted to protect citizens’ biometric information, such as fingerprints, from unauthorized use by private entities.
According to the case, the defendants have required workers to scan their fingerprints into an ADP biometric timekeeping device each time they clock in and out despite failing to satisfy the BIPA’s informed consent mandate, exposing the employees to “serious and irreversible privacy risks.”
“For example, if a database containing fingerprints or other sensitive, proprietary biometric data is hacked, breached, or otherwise exposed – like in the Equifax, Facebook/Cambridge Analytica, and Suprema data breaches – employees have no means by which to prevent identity theft, unauthorized tracking or other unlawful or improper use of this highly personal and private information,” the complaint stresses.
The lawsuit in Cook County, Illinois Circuit Court more spefifically claims the defendants have violated the BIPA by failing to:
Inform employees in writing of the specific purpose and length of time for which their biometric information would be collected, stored and used;
Develop and adhere to a publicly available retention schedule and guidelines detailing how and when the data would be permanently destroyed;
Obtain a written release from employees to collect, store and use their fingerprints; and
Obtain consent from the workers to disclose, redisclose or otherwise disseminate their fingerprint data to third parties, including ADP, the defendants’ payroll vendor.
According to the suit, these alleged violations “raise a material risk” that the employees’ biometric data will be unlawfully accessed by third parties.
The lawsuit looks to represent anyone working for the defendants in Illinois who had their biometric identifiers and/or biometric information collected, captured, received or otherwise obtained, maintained, stored or disclosed by the defendants during the applicable statute of limitations period.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.