An Illinois appeals court has ruled that staffing agencies cannot be held liable under the Illinois Biometric Information Privacy Act (BIPA) when they do not control or possess employees’ biometric data.
In a case involving fingerprint time clocks at a food manufacturer, the Illinois Third District Appellate Court held that the staffing agencies were not responsible because the employer, not the staffing agencies, controlled the system and stored the data.
The court rejected the argument that simply helping enroll workers or showing them how to use the clocks makes an agency liable. Without access to or control over the data, there is no BIPA violation.
Why This Matters
BIPA lawsuits can carry $1,000–$5,000 in damages per violation, leading to large class action exposure. This ruling helps limit risk for staffing agencies and other companies that do not control biometric systems.
Practical Implications for Employers & Staffing Agencies
• Clearly define data control and ownership in contracts.
• Document which entity controls biometric systems and stored data.
• Limit administrative access where possible.
• Maintain compliant notice and consent procedures if you control biometric data.
If you would like to assess your organization’s biometric compliance exposure or risk under BIPA, contact us at info@tristanlegal.com.
