First IL BIPA Class Action Suit Wins $44 Million and Signals More to Come

First IL BIPA Class Action Suit Wins $44 Million and Signals More to Come

The first BIPA class action went to trial in the Illinois Federal Court against BNSF railroad with surprising results.  Even though BNSF used a third-party vendor to administer and oversee their employee data protection, the jury was permitted to consider if BNSF could be held liable.  And they did, awarding a $44 million verdict and signaling that hiring a third-party vendor to store and collect BIPA data does not protect the company itself from vicarious liability. 

The case involved a BIPA breach of BNSF employee information.  BNSF utilized a third-party vendor to store and collect its BIPA data. Although BNSF argued that it owed no duty because the BIPA law only holds those liable who actually store the data, the judge disagreed and allowed the jury to consider if BNSF should be held vicariously liable for the omissions of the vendor.  The jury rendered its $44 Million verdict against BNSF in under an hour.

Although this federal trial result isn’t law until the appellate court rules, the jury quickly found against the employer, even though BSNF did not itself actively collect, use, or possess any biometric data. This provides further support for the critical but unsettled issue of vicarious liability in BIPA class action disputes.

Ultimately, the likely impact of this verdict will be an immediate uptick in the volume of BIPA class action filings moving forward. At the same time, the ruling will also almost certainly be used by plaintiff’s attorneys during settlement negotiations in future class actions to drive up the already-inflated value of BIPA claims.

It’s imperative that your organization remains compliant with the bill, or you can be faced with some pretty hefty fines. These are some ways to ensure you are protecting your organization:

Obtain Written Consent
Make Your Policy Public
Take Reasonable Care

Keep in mind that if your organization is using a third-party provider to store the biometric data, you should still obtain written consent from your vendors. This written consent should include items like how they safeguard, store, and destruct the unique data to ensure you are fully compliant.

Be sure to check out this white paper to learn more on how this state legislation can impact your business.

Also, don’t forget to contact a member of the ‘A’ Team for further assistance.


Christine Trimarco

With her extensive legal and insurance industry experience, Christine serves as Complex Claims Counsel at Assurance. She’s well-versed in areas like construction law, product liability, medical malpractice and errors & omissions. Prior to joining Assurance, Christine was an attorney for Cassiday Schade LLP, where she was a partner and chair of the hiring committee. She earned her Juris Doctor from The John Marshall Law School, as well as a Bachelor of Arts degree in Psychology from DePaul University.