Photo of Garylene “Gage” Javier

Garylene “Gage” Javier, CIPP/US is a Privacy & Cybersecurity associate in the firm’s Washington, D.C. office. Gage practices focuses on privacy, data security, and consumer protection, assisting financial services clients overcome regulatory challenges and achieve their business goals. Gage assists clients concerns that arise from state and federal laws that apply to data privacy and information security, including: the Gramm-Leach-Bliley Act (GLBA); California Consumer Privacy Act (CCPA); California Privacy Rights Act (CPRA); California Financial Information Privacy Act (CFIPA); the Fair Credit Reporting Act (FCRA) and its Affiliate Marketing Rule; the Virginia Consumer Data Protection Act (CDPA); and the EU General Data Protection Regulation (GDPR).

Illinois’ Biometric Information Privacy Act (“BIPA”) regulates companies that obtain, use, store, sell, and disclose the biometric data of Illinois residents.  Companies that fall under BIPA must provide notice to and receive consent from Illinois residents before obtaining their biometric data, and must take reasonable care that the biometric data remains secure.  In addition, BIPA includes a private right of action, and if a regulated company fails to comply with its provisions, statutory damages can be as high as $5,000 for each violation.  BIPA litigation is active in Illinois State Court and in Federal Courts across the United States.

A sticking point for litigants has been the statute of limitations for a party to bring a BIPA claim.  BIPA does not include its own statute of limitations.  Generally speaking, plaintiffs have argued that a longer limitations period applies, such as the five-year limitations period under section 13-205 of Illinois’ Code of Civil Procedure.  And generally speaking, defendants have argued that a shorter limitations period applies, like the one-year period under section 13-201 of the Code of Civil Procedure.

Continue Reading A Statute of Limitations for BIPA Claims? We May be One Step Closer