The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual damages for standing. The decision has serious implications for companies collecting biometric data from Illinois residents.

The Act provides a private right of action to individuals “aggrieved” by any violation, allowing them to seek, among other remedies, liquidated or actual damages, attorneys’ fees, and costs. However, there has been widespread uncertainty as to whether an aggrieved individual asserting a private action under the Act needed to show that he or she suffered an actual injury as a result of an alleged violation, or if a violation of the Act in and of itself conveys standing.
Continue Reading

One challenging aspect of privacy and data security law is that technology is constantly evolving. The near and long term future of privacy and data security will be driven by emerging technologies that developers, legislators, businesses, and lawyers may not fully understand for years to come. Last year saw a surge in technologies enabling companies to collect and analyze increasing amounts of consumer data as well as the development of technologies enabling consumers to better protect their privacy. Just as the development of new technologies is inevitable, so too is the rise of potential ways in which those technologies can be misused, which in turn provokes a legislative and regulatory response. The cycle never ends.

To help privacy and data security professionals keep pace with these changes, we will be providing regular updates throughout the course of the year on the development of emerging technologies, as well as legislation and regulation regarding privacy and data security. We begin with a review of recent developments in the Internet of Things and biometric technologies, and offer some predictions on legal and business changes to look for in 2018.


Continue Reading