in Newswire Published on November 24, 2020

Taco Bell, KFC, Pizza Hut Operator Hit with Class Action Over Worker Fingerprint Scanning Practices [UPDATE]

by Erin Shaak

Last Updated on September 29, 2021

View Comments

Payne v. Yum! Brands, Inc.

Filed: November 16, 2020 § 2020-CH-06811

Read Complaint

A lawsuit claims the parent entity behind Taco Bell, KFC, Pizza Hut and other fast food brands failed to obtain employees’ consent to scan their fingerprints.

Defendant(s)

Yum! Brands, Inc.

Law(s)

Illinois Biometric Information Privacy Act

State(s)

Illinois

Categories

Privacy

Case Updates

September 29, 2021 – Lawsuit Dismissed, Plaintiff Given Another Chance

The judge overseeing the case detailed on this page has dismissed the plaintiff’s claims while allowing him a chance to try again.

According to Law360, Cook County Circuit Judge Pamela Meyerson found that the plaintiff’s “bare-bones allegations” failed to provide a clear idea of how the defendants were related and whether the KFC franchise or parent company Yum! Brands was responsible for allegedly violating the BIPA.

Judge Meyerson reportedly noted that the plaintiff’s first amended complaint “does not contain sufficient facts from which the court can determine exactly what it is that each of these defendants did.” While the plaintiff specifies that Yum operates KFC, Pizza Hut, Taco Bell and other restaurants, the complaint “doesn’t even really say what the relationship is” between the plaintiff, Yum and KFC, and instead merely claims that the “defendants” unlawfully collected scans of his fingerprints, Judge Meyerson wrote.

In dismissing the lawsuit on September 22, the judge gave the plaintiff four weeks to file a second amended complaint.

The parent entity behind Taco Bell, KFC, Pizza Hut and several other fast food brands has been hit with a proposed class action over its alleged failure to obtain consent and provide proper disclosures before collecting and storing employee fingerprint data.

Alleging violations of the Illinois Biometric Information Privacy Act (BIPA), the 15-page lawsuit claims Yum! Brands’ apparent failure to obtain consent to collecting workers’ biometric data—i.e. fingerprints—and inform them of when and how the information would be used and destroyed has exposed the individuals to “serious and irreversible privacy risks.”

“If Defendant’s database of digitized fingerprints were to fall into the wrong hands, by data breach or otherwise, the employees to whom these sensitive and immutable biometric identifiers belong could have their identities stolen, among other serious issues,” the complaint, filed in Cook County Circuit Court, scathes.

The lawsuit alleges Yum! Brands—the group behind KFC, Pizza Hut, Taco Bell, The Habit Burger Grill and WingStreet restaurants throughout Illinois—has since at least June 2017 required employees to scan their fingerprints to clock in and clock out of the company’s timekeeping system. Per the complaint, the defendant overstepped the BIPA by failing to inform the workers before collecting their sensitive biometric data of the purpose and length of time for which their information would be collected, as well as obtain their written consent to do so.

Moreover, the case claims Yum! Brands provided neither a publicly available retention schedule nor guidelines detailing when and how the workers’ fingerprint data would be destroyed, leaving them in the dark as to how long their private information would be at risk of exposure after the termination of their employment.

The plaintiff says his fingerprints were scanned, collected and stored in the company’s database when he worked at one of Yum! Brands’ KFC restaurants between June 2017 and March 2018. According to the case, the man never provided the restaurant operator with permission—written or otherwise—to collect his biometric identifiers and did not receive statutory disclosures regarding such. 

Finally, the suit claims the plaintiff was never given a retention schedule or guidelines for the destruction of the data and thus “has no reason to believe Defendant actually destroyed his biometric information, despite that the sole reason Plaintiff provided his biometric information (i.e. clocking in and out of work) is now moot.”

Per the complaint, if Yum! Brands uses an outside vendor to process its payroll, there is also a “significant risk” that the defendant has disseminated workers’ biometric information without their knowledge or consent.

The lawsuit looks to cover anyone who had their fingerprints collected, captured, received or otherwise obtained and/or stored by Yum! Brands in Illinois.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.

Open Document
Last Updated on September 29, 2021 — 3:37 PM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.