Fingerprint Theft

Workers have sued their employer, an ambulance company, for collecting biometric information without their consent.

Some background: A growing number of companies use fingerprint scanners as “punch clocks” for employees. But even “exempt” employees—employment-law talk for people such as managers and professionals are paid a salary, not an hourly wage— are “fingerprinted” at scanners for security entrances.

Illinois is among states that strictly regulate this personal information. Why did Illinois pass its Biometric Information Privacy Act (BIPA)? Because lawmakers were persuaded that biometrics present a unique risk for identity theft if not managed appropriately.

The lawyer for workers argues that there is an “ever-present risk of a data breach of [the employer’s] systems exposing defendant’s workers’ biometrics to hackers and other wrongdoers worldwide.”

This looks a bit silly until you realize that your cell phone, PC, home security system and such are increasingly protected by your fingerprint.

Consider ransomware, where a hacker acquires PINS, passwords and other data and extorts a payment for not sharing your data. 
A hacker could lock (or threaten to lock) your secured items, using your fingerprint as a hostage. 

Under BIPA, an employer can be ordered to pay $5,000 for each willful or reckless violation and $1,000 for each negligent violation. This is no small case. The company has 1,600 employees.

Updates will be provided on this case (Casey Lundsteen v. Superior Air-Ground Ambulance Service Inc., case number 2017CH13253, in the Circuit Court of Cook County, Chancery Division).