Illinois Wingstop franchisee OM Joliet Wings, Inc. and its owner face a proposed class action lawsuit that claims the restaurant illegally collected employees’ biometric information.
According to the complaint, the defendants’ employees were required to scan their fingerprints for timekeeping purposes. After being collected, the lawsuit explains, scans of employees’ fingerprints were stored in a database “shared and maintained” by the defendants and affiliated businesses. The case claims the defendants unlawfully collected, stored and disseminated this biometric information without obtaining proper consent or making required disclosures to their workers.
Under the Illinois Biometric Information Privacy Act (BIPA), the case explains, companies that collect biometric information such as fingerprints or retinal scans are prohibited from selling or profiting from the data. The suit states that the BIPA also requires companies to do the following before obtaining biometric identifiers:
Inform an individual in writing of the specific purpose and length of time for which their biometric data is being collected, stored, disseminated and used;
Provide a publicly available retention schedule and guidelines for the permanent destruction of an individual’s biometric data; and
Receive a written release executed by the subject of the biometric identifier or biometric information; and
Obtain consent from the subject of a biometric identifier before disseminating their biometric information to a third party.
The case claims that the defendants failed to inform proposed class members that their biometric information was being collected, the specific length of time it would be kept, and how it would be used. Furthermore, the defendants failed to provide a publicly available retention schedule and guidelines outlining the permanent destruction of employees’ biometric information. The complaint further contends that the defendants did not receive a written release authorizing the collection, storage or use of employees’ fingerprints yet still disclosed or disseminated biometric information to third parties.
According to the case, the defendants’ conduct exposed employees to “serious and irreversible privacy risks.” The complaint argues that if biometric information were to be obtained by malevolent actors, it could be used for identity theft or other illicit acts and leaves employees with no recourse given a person’s biometrics cannot be changed.
The lawsuit looks to represent a class comprised of anyone who worked for OM Joliet Wings in Illinois who had their fingerprints collected, stored or disclosed during the applicable time period.