SCHAUMBURG – Small and midsize manufacturers in Illinois have paid hefty lawsuit settlements in the past few years, concerning how they gather employee information, particularly with biometric systems, such as fingerprinting and retina scanning.
However, when White Castle was sued based on Illinois’ 2008 Biometric Information Protection Act (BIPA), the company appealed the law’s terminology to the Illinois Supreme Court. The Court asked the Illinois General A
ssembly to clarify how the fines were to be assessed – “per occurrence” or “per person.”
Two years passed, and the Illinois General Assembly hesitated in responding to the Court until 2024, when the Assembly passed an amendment to specify “per person” as the clarification for fining companies.
In response, Illinois’ small and midsize businesses saw a dramatic drop in the number of lawsuits based on the new BIPA guides, a new study by the Duane Morris LLP’s 2026 Class Action Review shows.
According to the Review,
“…[F]ilings under the Illinois Biometric Information Privacy Act declined sharply in 2025, falling to 150 cases from 427 in 2024. The decline follows bipartisan legislation enacted in August 2024 that replaced a per scan damages model with a per person framework, curbing incentives for mass litigation untethered from real harm.”
The Schaumburg-based e heard from its members about a growing number of lawsuit threats based on the BIPA law, and began an effort to do all they could to protect their members.
A non-profit group that also pushed for law clarification, Citizens Against Lawsuit Abuse’s (CALA), applauded TMA’s efforts. Spokesperson Phil Melin credits business associations and trade groups such as the TMA not only actively being involved in clarifying the measure, but with warning their members about the dangers of gathering employee information via biometric systems.
“This is a real win for Illinois small businesses. BIPA was being used as a lawsuit generation machine rather than a consumer protection law,” Melin told TMANews.com. “The reforms brought balance back into the system while preserving the core privacy rights the law was meant to protect.”
Illinois manufacturers were among the hardest hit industries by the atrocious BIPA, he said.
“Millions [of dollars] transferred from hard-working producers to predatory trial lawyers. IL CALA was proud to stand with TMA to highlight BIPA’s atrocities and cannot now be happier to now see these dramatic results of the reforms we championed,” Melin said.
Without the leadership and support of the Technology & Manufacturing Association, in addition to State Senator Bill Cunningham’s willingness to tackle the issue, the lawsuit tide concerning biometric systems would have likely continued in the negative direction it was headed.
For years, the Review said, “BIPA litigation surged after court rulings allowed damages to accrue with each scan of biometric data, exposing small businesses to catastrophic liability for routine workplace practices such as employee timekeeping systems. The revised statute restores proportionality while maintaining privacy protections.”
Even though the new law does not provide explicit retroactivity for cases already decided and pending cases, bill sponsor Sen. Cunningham (D-Chicago) made sure to put into the official legislative record that “a court or a reviewing court could take judicial notice of our amendment to the Act in determining an initial award or reducing an award.”
“This was a significant piece of legislation. For months we have been urging lawmakers to fix the BIPA legislation by urging TMA members to file witness slips, host informational sessions with members and legislators. We testified in committee to share the real-life consequences of the flawed Act,” said TMA Lobbyist David Curtin.
Governor JB Pritzker then signed the measure into law In August 2024.
_________
What is BIPA?
Enacted in the state of Illinois in 2008, the Biometric Information Privacy Act (BIPA) regulates the collection, use, and storage of biometric information – such as fingerprints, iris scans, and facial recognition data. The law requires employers to obtain informed written consent from employees before collecting their biometric data and to provide certain disclosures about how the data will be used and stored.
Best Compliance Practices for Illinois Manufacturers:
- Determine whether you are collecting biometric identifiers or biometric information.
- Develop a written publicly available BIPA Policy, establishing a retention schedule and guidelines for permanently destroying data; publish on website.
- Prepare a BIPA notice and provide to employees before first collection.
- Obtain written release from each employee.
- Limit access to and safeguard collected data.
- Do not sell or profit from collected data.
- Audit notification, collection, storage, and destruction processes.
- If engaging temporary staffing companies or payroll vendors, review contracts for indemnification provisions.
- Review insurance policies for BIPA coverage.
Retain data for no more than 3 years from last collection or from when the purpose of initial collection has been satisfied, whichever is sooner; securely and permanently destroy the collected data.
More information about BIPA at TMANews.com