What to Know About Illinois’ New Biometric Data Requirements

Key considerations and implications for security industry companies regarding the new Illinois BIPA reform proposal

On Aug. 2, 2024, Illinois Gov. J.B. Pritzker signed a major Biometric Information Privacy Act (BIPA) reform into law. The reform proposal received approval back in May within the Illinois House of Representatives with a 81-30 vote, after clearing the Illinois Senate 46-13 and solidifying bipartisan support for amending the highly controversial 2008 Illinois BIPA law. Under its key reform, the new measure will prospectively limit the calculation of penalties for violations to a per-person versus per-instance basis, which is expected to dramatically reduce potential catastrophic cumulative damage awards, highlighted by Cothron v. White Castle Sys., Inc.

Additionally the new law clarifies that an “electronic signature” is a valid method for providing written consent under BIPA, defined in the measure as “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.” 

The Security Industry Association (SIA) supports commonsense protections for biometric data and the responsible, ethical implementation of biometric technologies, but for years BIPA has affected consumers in ways that were never intended, enriching trial lawyers instead of protecting consumer interests and making many beneficial technologies unavailable due its requirements or its ambiguities and overall litigation risk. SIA has actively supported key proposed reforms to BIPA throughout the past three years and applauds this achievement by Gov. Pritzker and the Illinois General Assembly.

SIA will continue to track developments and provide analysis related to Illinois’ privacy law, and we continue to welcome any member feedback. For further information, contact George Sewell, SIA’s government relations coordinator, at gsewell@securityindustry.org.