INDUSTRY NEWS
Statute of Limitations for BIPA Claims Addressed by Illinois Appellate Court
The court concluded that the proper statute of limitations period for claims under the Illinois Biometric Information Privacy Act (BIPA) depends on the section of the Act referenced in the claim.
In September 2019, the trial court in Tims v. Black Horse Carriers, Inc. considered the applicable statute of limitations period for BIPA claims. Since BIPA was not expressly aligned with a specific statute of limitations period, the plaintiff contended that the state's five-year catchall limitation period applied. The defendant countered that Illinois' one-year "invasion of privacy" limitation period applied.
The trial court initially agreed with the plaintiff. On appeal, the court decided that varying statutes of limitations are in effect for claims brought against specific sections of the Act, as described below:
| SECTION | DESCRIPTION | STATUTE OF LIMITATIONS |
|---|---|---|
| 15(a) | Governs retention schedules and destruction guidelines for biometric data | Five (5) years |
| 15(b) | Prohibits the collecting or obtaining of biometric data without written notice and release | Five (5) years |
| 15(c) | Restricts private parties from selling, leasing, trading, or profiting from biometric data | One (1) year |
| 15(d) | Prohibits the disclosure and dissemination of biometric data absent specific prerequisites | One (1) year |
| 15(e) | Requires parties to take reasonable care in storing, transmitting, and protecting biometric data | Five (5) years |
The three-judge panel held that Illinois' five-year statute of limitations applies to sections 15(a), (b), and (e) of BIPA because those sections "have absolutely no element of publication or dissemination." However, the panel alternatively contended that Illinois' one-year statute of limitations applies to claims brought under sections 15(c) and 15(d) since these qualify as "publication of matter violating the right of privacy." A one-year statute of limitations could not apply to sections (a), (b) and (e) because a plaintiff could bring an action under those sections without having to allege or prove that the defendant published or disclosed any biometric data to any person or entity beyond itself.
Employers are encouraged to review the provisions under the Illinois Biometric Information Privacy Act as we all as internal protocols regarding the handling and management of biometric information to ensure compliance.
Posted: September 28, 2021
All Rights Reserved © 2021 Business Information Group, Inc.
This document and/or presentation is provided as a service to our customers. Its contents are designed solely for informational purposes, and should not be inferred or understood as legal advice or binding case law, nor shared with any third parties. Persons in need of legal assistance should seek the advice of competent legal counsel. Although care has been taken in preparation of these materials, we cannot guarantee the accuracy, currency or completeness of the information contained within it. Anyone using this information does so at his or her own risk.