Ill. Resident Says Ingersoll-Rand Unit's Hand Scanner Violates BIPA Law
Employees at Illinois companies that use Recognition Systems scanners are required to have their hand geometry scanned into a biometric device as a condition of employment, exposing them to “serious and irreversible privacy risks,” alleged an Illinois Biometric Information Privacy Act (BIPA) class action Monday (docket 9:24-cv-03999) in U.S. District Court for Eastern New York.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Plaintiff Alonso Gutierrez, a resident of Illinois, sued Recognition Systems and parent company Ingersoll Rand for developing HandPunch, a hand geometry scanner used for biometric timekeeping, for BIPA violations, said the complaint. The device is advertised as capable of taking over 90 distinct measurements of an employee’s hand, including those measuring length, width, thickness and surface area, the complaint said.
Unlike key fobs, identification numbers or swipe cards, which can be replaced if they’re stolen or compromised, fingerprints and hand geometry biometrics are “unique, permanent biometric identifiers associated with an employee,” the complaint said. When employees begin work at an Illinois company that uses the defendants’ biometric products, they’re required to have their fingerprint or hand geometry scanned into the device to enroll them in the company’s database, said the complaint. The defendants then store the employees’ biometric information or identifiers so that Illinois employers can access the biometric information to use for payroll and attendance confirmation, the complaint said.
Gutierrez was required to scan his hand geometry twice a day at Illinois-based employer McFarlane Douglass to clock in and out of work from May 4, 2016, to Nov. 6, 2023, the complaint said. His prints were also scanned every time he clocked out and back in for a meal break, creating a total scan count of “hundreds” during his employment at the company, the complaint said.
In the five years before Gutierrez’s lawsuit, the defendants collected the prints from “hundreds” or “thousands” of other Illinois residents for employee verification purposes, the complaint said. They “collected, stored, used or otherwise obtained biometric information” from similarly situated individuals, it said.
The defendants failed to obtain express written consent from Gutierrez when using its scanner prior to collecting or possessing his biometric information, it said. They never informed him the specific purpose and length of time for which the data would be stored and didn’t provide “publicly available policies identifying their retention schedules or guidelines for permanently destroying users’ biometric identifiers or information,” it said.
Gutierrez seeks for himself and the class liquidated or actual monetary damages, whichever is higher; an order enjoining the defendants from committing further BIPA violations; and reasonable attorneys’ fees and costs.