In a striking turn of events, the U.S. District Court of the Northern District of Illinois recently vacated a $228 million damages award. This penalty had originally been levied in Rogers v. BNSF Railway Co., the first case adjudicated to a verdict under the rules of the Illinois Biometric Information Privacy Act (BIPA). The case has drawn attention from legal professionals and corporate figures alike due to its profound implications on how companies handle biometric data.
Rogers v. BNSF Railway Co involved rail workers who alleged that BNSF Railway Co. (BNSF) had gathered their biometric information without obtaining properly informed consent. The jury’s initial determination was that BNSF had violated BIPA either recklessly or intentionally, with each instance of violation corresponding to a class member – amounting to a total of 45,600 times.
However, this recent decision to vacate the formidable damages award sends a contrasting message. This development may serve as a precedent in similar cases brought under BIPA and will undoubtedly have a widespread impact on how organizations manage and safeguard biometric information going forward.
Companies, particularly those operating in jurisdictions with biometric information regulation, should pay close attention to this unfolding case to stay on top of potential repercussions for their business operations and data privacy compliance strategies. Equally important, legal professionals tasked with advising on compliance need to remain attuned to these developments to provide robust and current guidance to clients.