First BIPA Jury Gives Guilty Verdict and $228M in Damages

In the first BIPA jury trial ever, an employer was found to have recklessly or intentionally violated the Biometric Information Privacy Act (BIPA) 45,600 times. The employer, BNSF Railway Co. was accused of illegally using and collecting biometric data without first obtaining consent or providing notices. 

The lead plaintiff sued the company on behalf of a class of around 45,000 truck drivers. These individuals claim that BNSF illegally required them to scan their handprint to verify their identity when entering certain railyards. However, the company did not obtain the consent of the truckers. Neither did they provide notices on what might happen with their biometric data. 

Biometric Information Privacy Act (BIPA)

Under BIPA, private entities which collect, capture, purchase, receive, or otherwise obtain biometric identifiers or information must:

  • First inform the subject in writing of:
    • That fact
    • The specific purpose
    • Length of time for which the information will be retained
  • Obtain a written release executed by the subject. 

BNSF Railway Co. argued that they were not the ones that collected the information. As they hired a third-party company to carry out this task for them, they are not the ones liable. The jury rejected these arguments and found BNSF Railway Co. did recklessly or intentionally violate BIPA. 

It was found they violated BIPA a total of 45,600 which is the estimated number of truck drivers who had their fingers scanned. Damages were calculated at $5,000 for each violation. This means BNSF Railway Co. is expected to pay a total of $288 million in damages. 

Previous Post

Drizly Agrees to Tighten Data Security After Alleged Breach

Next Post

ICO Fines Catalogue Retailer £1.48 Million

Related Posts