White Castle Employee Files Class Action Over Biometric Data Collection
Latrina Cothron worked as a manager of a White Castle restaurant in Illinois, starting in 2004. Shortly after her employment began, White Castle implemented a system in which employees were required to scan their fingerprints to access their paystubs and computers.
A third-party vendor verified each scan.
In 2008, the United States introduced the Biometric Information Policy Act, designed to protect citizens from the illegal collection of biometric data.
It states private entities may not “collect, capture, purchase, receive through trade, or otherwise obtain” a person’s biometric data without first providing notice to and receiving consent from the person.
Not until 2018 did Cothron receive consent forms from White Castle on acquiring her fingerprint biometric data.
She filed a complaint against her employer, claiming White Castle “unlawfully collected her biometric data and unlawfully disclosed her data to its third-party vendor in violation” of the Act.
In an underlying suit, White Castle moved for judgment, arguing the complaint was untimely, because Cothron’s claim accrued in 2008, after the Act’s effective date, and well after the first instance of White Castle’s fingerprint scanner implementation in 2004.
Cothron countered her claim was renewed with each scan, as White Castle’s third-party vendor was always rendering her biometric data for authentication.
The lower court initially sided with Cothron, denying White Castle’s motion. However, it later ordered its findings for interlocutory appeal, meaning the court felt it had made a judgment before all claims were resolved. The higher court reviewed.
In this review, the “parties’ competing interpretations of claim accrual reasonable under Illinois law” came into question.
Essentially, do these claims accrue each time a private entity scans a person’s biometric identifier and transmits it to a third party, or only upon the first scan and first transmission?
Upon extensive review and a look at the Biometric Information Policy Act, the court determined that every time biometric data is collected and transmitted accounts as a claim.
Scorecard: It was determined that White Castle was in violation of the Act every time Cothron and other employees scanned their fingerprints without consent. It could face a class action from employees following the decision.
Takeaway: With more technological advances making their way into workplaces, employers must be on top of how employee data is being collected, dispersed and reviewed, lest they want to be on the receiving end of a suit. &