A former Great Wolf Lodge employee claims the resort and indoor water park operator has overstepped Illinois biometric privacy law by collecting and storing workers’ fingerprints for timekeeping purposes without making certain disclosures.
Citing the Illinois Biometric Information Privacy Act, the lawsuit says that employers who collect workers’ biometric information, such as fingerprints, must provide proper disclosures and secure consent before storing and utilizing the sensitive data. The case highlights privacy concerns related to the use of biometric data for timekeeping purposes, noting that such information, unlike traditional key fobs or identification cards, is unique to each individual and cannot be changed or replaced if compromised. The collection of such sensitive information without strict adherence to the law can present “serious and irreversible privacy risks” to workers, the suit says.
“For example,” the complaint poses, “if a fingerprint database is hacked, breached, or otherwise exposed, employees have no means by which to prevent identity theft and unauthorized tracking.”
The plaintiff, who worked at the Illinois Great Wolf Lodge location, claims defendants GWR Illinois Property Owner, LLC; Great Lakes Services, LLC; and Great Wolf Resort Holdings, Inc. failed to both inform workers of the purpose and length of time for which their fingerprints were being collected and secure a written release from the employees to collect their data. Moreover, the lawsuit claims the defendants failed to fulfill to the BIPA’s requirement that companies provide a publicly available retention schedule and guidelines detailing how and when employees’ fingerprint data will be destroyed.
As a result of the defendants’ conduct, the lawsuit alleges, the plaintiff and proposed class members—Illinois residents whose fingerprints were “collected, captured, received, otherwise obtained, or disclosed” by Great Wolf Lodge—have “continuously and repeatedly been exposed” to a heightened risk of identity theft.