The Illinois Biometric Information Privacy Act — regulates the collection, storage, and use of biometric identifiers in employment.
BIPA (Biometric Information Privacy Act) is an Illinois state law (740 ILCS 14) that regulates how private entities collect, use, store, and destroy biometric identifiers (fingerprints, face geometry, voiceprints, retina scans, hand geometry) and biometric information. It applies to any private entity operating in Illinois — including out-of-state employers with Illinois employees.
Key requirements: provide a written policy disclosing the purpose, length of retention, and destruction guidelines; obtain a written, signed release before collecting biometric data; do not sell or profit from biometric data; protect biometric data with the same care as other confidential information; and destroy biometric data when the initial purpose has been satisfied or within 3 years of the last interaction with the subject.
BIPA includes a private right of action with statutory damages of $1,000 per negligent violation and $5,000 per intentional or reckless violation, plus attorneys' fees. The Illinois Supreme Court's 2023 Cothron decision treated each separate scan as a separate violation, leading to massive class-action verdicts. Texas (CUBI), Washington (HB 1493), and several other states have biometric laws, but BIPA's private right of action makes it the most consequential. Peoplifi's biometric integrations store templates on the device — never on Peoplifi servers — and hash punch events to minimize BIPA exposure.
Before enrolling Illinois employees in fingerprint clock-in, we obtained signed BIPA releases and updated our biometric retention policy.
Peoplifi unifies HR, payroll, time tracking, and performance into one modern platform — so concepts like BIPA stay handled, not stuck in spreadsheets.
Start free 14-day trial