A proposed class action claims Signature Systems, Inc. has violated an Illinois privacy law by collecting and storing the fingerprints of its clients’ employees without first providing proper disclosures or obtaining the individuals’ consent to do so.
The lawsuit claims the defendant, a provider of point-of-sale software to restaurants and pizzerias throughout the U.S., has “violate[d] all three prongs” of the Illinois Biometric Information Privacy Act (BIPA), a law that prohibits entities from collecting individuals’ biometric information, including fingerprints, unless they first disclose their intention to collect the data and how long it will be retained and obtain written consent to do so.
Per the case, the BIPA is meant to protect Illinois residents from the privacy risks to which they could be exposed should their biometric information be compromised.
“If Defendant’s database of digitized fingerprints were to fall into the wrong hands, by data breach or otherwise, individuals to whom these sensitive biometric identifiers belong could have their identities stolen or their financial and other highly personal information breached and used for nefarious purposes,” the complaint contests.
The case claims the defendant’s practice of scanning, collecting and storing digital copies of clients’ employees’ fingerprints during enrollment into its biometric point-of-sale systems, as well as whenever they clock in and clock out or attempt to access a point-of-sale system at one of Signature Systems’ clients’ Illinois locations, is unlawful given the workers were never informed in writing of this practice.
The plaintiff says she worked for a few months in 2019 at an Evergreen Park, Illinois Jimmy John’s restaurant at which Signature Systems’ biometric point-of-sale software was used. During the course of the plaintiff’s employment, the defendant’s point-of-sale system scanned and stored her fingerprints in an electronic database, and the individual was required to scan her fingerprints each time she clocked in and out of work, according to the suit.
The lawsuit alleges the plaintiff and similarly situated employees of the defendants’ clients were never provided with the proper disclosures regarding the collection of their sensitive biometric information, including a retention schedule or guidelines for when the data would be permanently destroyed. Moreover, the case alleges the plaintiff never provided written consent allowing the collection and storage of her information, and was given no opportunity to prevent it.
“By collecting Plaintiff’s unique biometric identifiers or biometric information without her consent, written or otherwise, Defendant invaded Plaintiff’s statutorily protected right to maintain control over her biometrics,” the complaint states.
The lawsuit, which was removed to Illinois’ Northern District Court after its initial filing in Cook County Circuit Court on March 10, looks to cover anyone who had their fingerprints collected, stored, captured, received, or otherwise obtained and/or stored by the defendant in Illinois.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.