On November 20, 2018, the Illinois Supreme Court heard arguments in a case that could shape future litigation under the Illinois Biometric Information Privacy Act (“BIPA”). BIPA requires companies to (i) provide prior written notice to individuals that their biometric data will be collected and the purpose for such collection, (ii) obtain a written release from individuals before collecting their biometric data and (iii) develop a publicly available policy that sets forth a retention schedule and guidelines for deletion once the biometric data is no longer used for the purpose for which it was collected (but for no more than three years after collection). BIPA also prohibits companies from selling, leasing or trading biometric data.

Continue Reading

On June 13, 2017, Judge Andrea R. Wood of the Northern District of Illinois dismissed with prejudice a putative consumer class action filed against Barnes and Noble. The case was first filed after Barnes and Noble’s September 2012 announcement that skimmers had tampered with PIN pad terminals in 63 of its stores and exposed payment card information.
Continue Reading

On May 16, 2017, the Governor of the State of Washington, Jay Inslee, signed into law House Bill 1493, which sets forth requirements for businesses who collect and use biometric identifiers for commercial purposes. The law will become effective on July 23, 2017. Washington becomes the third state to pass legislation regulating the commercial use of biometric identifiers.
Continue Reading

On January 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Presence Health stemming from the entity’s failure to notify affected individuals, the media and OCR within 60 days of discovering a breach. This marks the first OCR settlement of 2017 and the first enforcement action relating to untimely breach reporting by a HIPAA covered entity.
Continue Reading

On August 4, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.
Continue Reading