Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and associate Christian Palacios with their discussion of what is believed to be the first summary judgment ruling for a certified class under the Illinois BIPA. The Illinois trial court’s decision in this case underscores the danger that companies face under state privacy “strict liability” statutes.
Check out today’s episode and subscribe to our show from your preferred podcast platform: Spotify, Amazon Music, Apple Podcasts, Google Podcasts, the Samsung Podcasts app, Podcast Index, Tune In, Listen Notes, iHeartRadio, Deezer, YouTube or our RSS feed.
Episode Transcript
Jerry Maatman: Thank you for being here, our loyal blog listeners. Welcome to this week’s edition of the Class Action Weekly Wire. I’m Jerry Maatman, a partner at Duane Morris, and I’m joined today by my colleague, Christian Palacios. Thank you for being on the podcast today.
Christian Palacios: Thanks, Jerry. I’m really happy to be here
Jerry: Today we’re talking about BIPA ruling – the Illinois Biometric Information Privacy Act, in a case called Thompson, et al. v. Matcor Metal Fabrication (Illinois), Inc., something that we blogged about – a very important opinion. Christian, can you give our listeners kind of an overview of why this case is significant and one they ought to take notice of?
Christian: Absolutely, Jerry. In September of 2019, Matcor Fabrication rolled out a new timekeeping policy, whereby it collected employees, fingerprints using “biometric scanners” for the purposes of determining when employees clocked in and out of work. The scanners that collected this information were connected to Matcor’s timekeeping vendor – ADP – and the company sent finger scan data to ADP every time an employee scanned their fingertips. The plaintiff and class representative, William Thompson, subsequently brought a lawsuit in May of 2020, alleging the company’s timekeeping policy violated the Illinois BIPA. Nearly one year after the lawsuit had commenced, Matcor implemented BIPA-compliant policies, which included distributing a “Biometric Consent Form” outlining Matcor’s policies collecting, retaining, and destroying employee data.
Jerry: Thanks. Now, in this case the plaintiffs early on in the litigation filed a motion for class certification, which was granted. Then there was class-wide discovery, and, as I understand, the record dueling motions, or cross motions for summary judgment were filed, both by the plaintiff on behalf of the class and the defendant. Both in essence saying there was no material issue of fact and liability was either established, if you believe the plaintiff – or there was no liability, if you believe the papers of the defendant. What did the trial court do in ruling upon those cross motions?
Christian: So the court held that there was no dispute of material facts that Matcor’s timekeeping policies during the class-wide time period violated the BIPA. In its ruling, the court dismissed a series of defenses offered by the company, including that in order for the BIPA to apply, Matcor’s timeclocks needed to “collect” and store its employees’ fingerprints, rather than just transmit it to a third-party vendor. The court was unconvinced with this argument. It opined that the BIPA also applied when timeclocks collected biometric information “based on” a fingerprint. Matcor further argued that there was a difference between the “fingertip” scans that it took and the “fingerprint” scans covered by the BIPA, but it was unable to cite authority that showed any meaningful difference between the two. Finally, Matcor argued that the court needed “expert testimony” to assess the type of information the company’s time clocks collected. The court rejected this contention. It observed that collecting employees’ fingertip information clearly fell under the BIPA’s definition of biometric information.
Based on the facts, the court determined that it was undisputed that Matcor began using biometric timeclocks to collect employees’ fingerprints in 2019, and the company didn’t implement a BIPA-compliant policy until one year after the plaintiff commenced his suit. The record also clearly shows that Matcor failed to obtain its employees consent before collecting their fingerprints, and only obtained BIPA releases two years after the suit was initiated. Accordingly, the court granted the plaintiff’s motion for summary judgment and the lawsuit will now proceed to the damages stage.
Jerry: It’s a pretty devastating ruling insofar as basically, there’s no question right now other than damages. And at least in my experience, that’s a very high-stakes maneuver to file a motion for summary judgment on a class-wide basis. And so you can kind of count on one hand the number of times that a plaintiff or defendant ever wins summary judgment when it involves all issues in a case with respect to liability on a class-wide basis. It does show the devastating nature of a failure of compliance by an employer with the requirements of BIPA and kind of is a call to other employers to make sure that they have their employment law house in order to take care of these things.
Christian: Exactly, Jerry. Although Illinois was one of the early adopters of such a stringent privacy laws, it’s certainly not going to be the last, and companies should take preventative measures to limit liability associated with such privacy statutes.
Jerry: Well, thanks so much, Christian, for devoting your thought leadership in this area, great having you on the show and having you part of the podcast. And to our loyal blog listeners, have a happy holiday season!
Christian: Thanks for having me, Jerry. Happy holidays to you and all your listeners.