Illinois’ Biometric Information Privacy Act (“BIPA”) regulates companies that obtain, use, store, sell, and disclose the biometric data of Illinois residents. Companies that fall under BIPA must provide notice to and receive consent from Illinois residents before obtaining their biometric data, and must take reasonable care that the biometric data remains secure. In addition, BIPA includes a private right of action, and if a regulated company fails to comply with its provisions, statutory damages can be as high as $5,000 for each violation. BIPA litigation is active in Illinois State Court and in Federal Courts across the United States.
A sticking point for litigants has been the statute of limitations for a party to bring a BIPA claim. BIPA does not include its own statute of limitations. Generally speaking, plaintiffs have argued that a longer limitations period applies, such as the five-year limitations period under section 13-205 of Illinois’ Code of Civil Procedure. And generally speaking, defendants have argued that a shorter limitations period applies, like the one-year period under section 13-201 of the Code of Civil Procedure.