Lifespace Communities (Lifespace) Inc., a retirement community chain with more than 15 communities in eight states, recently settled a class action for $987,850 for its alleged violation of the Illinois Biometric Information Privacy Act (BIPA).

The class action was filed in June 2020 in the U.S. District Court for the Northern District of Illinois by Sabrina Bedford, a former nursing assistant at one of Lifespace’s Illinois communities. Bedford alleged that Lifespace violated BIPA requirements by unlawfully requiring employees to scan their fingerprints to track their work hours without obtaining prior informed consent from employees, disclosing its data-collection practices or its retention policy, or informing employees that Lifespace shares their information with third parties.

In the final approval order, Judge Manish Shah approved the proposed settlement amount, which includes a $10,000 incentive award to Bedford and $330,000 in attorneys’ fees. Additionally, settlement class members are expected to receive approximately $1,150 each.

This is yet another example of consumers pushing for transparency and privacy of their personal information. If biometric data collection is necessary for your operations and your company is collecting biometric data (even outside of Illinois and the reach of BIPA), be aware of the risks associated with this type of data collection and seek guidance on appropriate privacy and security measures and safeguards.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.