Should Employers Consider Special Release Agreements Before Distributing New Laptops?

Building on an earlier decision, discussed here, a federal district court sitting in Illinois held, in relevant part, that an action filed by an employee against an employer pursuant to the Illinois Biometric Information Privacy Act (“BIPA”) [740 ILCS 14/1, et seq.] is not barred by the exclusive remedy provisions of the Illinois Workers’ Compensation Act (“the Act”) [Cothron v. White Castle Sys., 2020 U.S. Dist. LEXIS 104795 (N.D., Ill. June 16, 2020)]. Stressing that the sorts of injuries allegedly inflicted by an employer’s violation of BIPA were not the sorts generally within the purview of the Act, the district court refused to dismiss the plaintiff-employee’s civil action. As mentioned below, based on decisions such as this one, employers may need to revise their employment agreements before handing out new laptops to employees.

Background

The employee worked as a manager of the employer, a restaurant chain. Beginning about 2007, before the enactment of the BIPA, the employer introduced a fingerprint-based computer system that required Cothron, as a condition of continued employment, to scan and register her fingerprint in order to access the computer as a manager and access her paystubs as an hourly employee. According to the plaintiff-employee, the employer’s system involved transferring the fingerprints to two third-party vendors, as well as storing the fingerprints at other separately owned and operated data-storage facilities. The plaintiff-employee did not sign any sort of written release in connection with the employer’s action.

When the BIPA became law in mid-2008, the legal landscape changed, but the employer’s practices did not, at least for 10 years. It was not until October 2018 that the employer provided the plaintiff-employee with a consent form. The instant suit was one of many filed by plaintiffs against the employer alleging violations of the BIPA.

Not Barred by Exclusive Remedy

The employer argued that injuries, such as those allegedly incurred by the plaintiff, were suffered “in the line of duty” during “the course of employment”, that they were compensable under the Act, and, therefore, they were preempted by the exclusive remedy of the Act. The federal district court noted that in Folta v. Ferro Eng’g, 2015 IL 118070, 397 Ill. Dec. 781, 43 N.E.3d 108 (Ill. 2015)), the Supreme Court of Illinois noted the incompleteness of the “line of duty” test and articulated a further constraint pertaining to the character of the injury: “whether an injury is compensable is related to whether the type of injury categorically fits within the purview of the Act” [Folta, 43 N.E.3d at 114-15].

The federal court added that although the Act could cover psychological injuries, not just physical ones, Illinois courts had generally required that the psychological injury stem from “a sudden, severe emotional shock traceable to a definite time, place and cause” [see, e.g., Pathfinder Co. v. Indus. Comm’n, 62 Ill. 2d 556, 563, 343 N.E.2d 913, 917 (Ill. 1976)]. In reaching its decision in Pathfinder, the Supreme Court of Illinois suggested a more general test for whether an employee suffered a compensable injury: “whether there was a harmful change in the human organism—not just its bones and muscles, but its brain and nerves as well” [Treadwell v. Power Sols. Int’l, Inc., 427 F. Supp. 3d 984 (N.D. Ill. 2019) (quoting Pathfinder, 343 N.E.2d at 918)]. The district court noted that while there might be psychological injury as a result of a breach of privacy such as had been alleged in the instant case, that did not mean those harms were one and the same. Consistent with the other courts to previously consider the issue, the district court concluded that the plaintiff-employee’s injuries stemming from alleged BIPA violations were not preempted by the IWCA.

Comment: Similar “BIPA” Acts Enacted in Texas, Washington, and California

My research reveals that two other states, Texas [Tex. Bus. & Com. Code Ann. §503.001] and Washington [Wash. Rev. Code § 19.35], have enacted similar biometric privacy laws, and that the California Consumer Privacy Act (“CCPA”)[CAL. CIV. CODE § 1798.100 et seq.], which became effective January 1, 2020, provides similar protections. A number of other states, including Arizona, Florida, and Massachusetts have considered similar legislation in recent years.

Employers should note that many newer laptop computers, such as those sold by Apple, Microsoft Lenovo, HP, and others, allow the use of fingerprint scanning for identification. Some new PCs now allow for facial recognition. How the computers manage the stored information is above my pay-grade, but employers that utilize such devices should exercise caution. Getting a properly drafted written release from the employee before his or her use of the laptop would seem prudent.