As recent events have shown, the next frontier of privacy litigation looks set to be the Illinois Genetics Information Privacy Act (GIPA), which has been hit with a wave of class actions since 2023. This novel legislation regulates how employers can use people’s genetic data and has important implications for businesses operating in the region.
Companies have traditionally sought to gauge the health and fitness of potential hires, perhaps even more so where the roles involve manual labor or work in potentially hazardous environments. However, as GIPA litigation continues to gain momentum, Illinois employers will need to reassess their policies and practices in light of the regulations.
At issue is the collection of what GIPA defines as ‘genetic data’, a term which covers a broad spectrum of information. It ranges from data from an individual’s genetic tests or those of family members, to manifestations of diseases or disorders in an individual or their family. The legislation also covers any use of genetic services that interpret genetic tests, or participation in clinical research, by the individual or their family.
These comprehensive regulations mean that businesses will have to think twice before requiring prospective or current employees to undertake physical exams or health questionnaires. In particular, these elements could potentially infringe upon GIPA if they indirectly request the prohibited information.
The implications of falling afoul of these regulations can be severe for any business. The Act allows private action, meaning any aggrieved plaintiff could potentially recover hefty damages or seek injunctive relief for violations. This private right of action, coupled with GIPA’s broad definition of genetic data, is likely to fuel the wave of class actions filed under the Act.
To avert such risks, businesses can take proactive steps to ensure their practices align with the GIPA regulations. They can start by carefully evaluating the information they collect and use from their employees, and determine if this falls under the remit of ‘genetic data’. In the course of doing so, it will be important for firms to weigh the utility of specific information against the potential administrative burdens as well as the risks of attracting litigation.
Employers are also advised to work closely with their legal counsel to review and update their practices, policies, and procedures accordingly. In some instances, companies may want to consider taking additional steps, such as adding disclaimers and reviewing their contracts with third-party medical providers, to further limit their potential liability.
Overall, with these systemic changes fast taking root across Illinois, it is no overstatement to say that Illinois’ genetic privacy law has created a whole new landscape for businesses to navigate. As the corporate world comes to grips with these changes, proactive steps to ensure compliance are not just prudent but essential.
For more insight into this issue, read the full article.