On October 12, 2022, a federal jury found BNSF Railway, operator of one of the largest freight railroad networks in North America, violated the Illinois Biometric Information Privacy Act (“BIPA”) in the first ever BIPA case to go to trial. In Richard Rogers v. BNSF Railway Company (Case No. 19-C-3083, N.D. Ill.), truck drivers’ fingerprints were scanned for identity verification purposes when visiting BNSF rail yards to pick up and drop off loads. The jury found that BNSF recklessly or intentionally violated the law 45,600 times when it collected such fingerprint scans without written, informed permission or notice.
The outcome of Richard Rogers v. BNSF Railway Company highlights how damages may be calculated in BIPA suits going forward, as well as how companies may be liable for BIPA compliance even where they outsource biometric information collection and processing. Specifically:
- Damages calculation: BIPA provides for up to $5,000 for every willful or reckless violation and $1,000 for every negligent violation. The jury found that BNSF recklessly or intentionally violated BIPA 45,600 times – the estimated number of drivers whose fingerprints were scanned – to total $228 million in damages against BNSF.
- Use of vendors for biometric processing: BNSF was found liable for BIPA violations even though it was not the party that collected the fingerprints. BNSF had hired a third party, Remprex LLC, to process the drivers’ fingerprints at its rail yards. The jury found that BNSF was nonetheless responsible for compliance with the law.