Candid Color Systems Inc., based in Oklahoma, faces a class action lawsuit for its alleged violations of the Illinois Biometric Information Privacy Act (BIPA). Candid Colors offers marketing services to photographers, including photo-matching technology that allows consumers to identify all of the photos taken of a particular student at a graduation ceremony.

The complaint, filed in the U.S. District Court for the Western District of Oklahoma, alleges that Candid Color collected and used biometric information of individuals collected at high school and college graduations without consent in violation of BIPA. The complaint states that Candid Color used students’ biometric identifiers to identify students without first informing the individuals and obtaining their consent before collection as required by BIPA.

The complaint further alleges that Candid Color profited from the biometric data collected from the students in violation of BIPA and did not make available its biometric data collection and destruction policies.

This is an interesting lawsuit: it was filed a few days after a similar lawsuit against Candid Color was dismissed by the U.S. District Court for the Southern District of Illinois, which found that Candid Color did not have enough contacts with Illinois to support jurisdiction. The plaintiffs seek to represent a class of Illinois residents whose biometric data was collected by Candid Color. The plaintiffs seek statutory damages of $5,000 per reckless or intentional BIPA violation and $1,000 per negligent violation. We’ll see if this suit proceeds and how the court applies the recent amendments made to BIPA by the Illinois Governor’s bill amending BIPA.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.