Illinois Clarifies Limitations on Data Privacy Claims

Illinois Clarifies Limitations on Data Privacy Claims

A court in Illinois has issued an opinion clarifying how the statute of limitations should be applied to the state's Biometric Information Privacy Act (BIPA).

In what The National Law Review described as "a highly anticipated ruling," the Illinois Appellate Court published an opinion that while a one-year deadline would be applied to claims based on unlawful profit or disclosure, claims relating to data retention policy disclosure, informed consent, and safeguarding would have a limitation period of five years. 

The ruling was made by a panel of three judges in the case of Tims v. Black Horse Carriers, Inc. The panel said that the different limitation periods are necessary because each BIPA requirement is "separate and distinct."

The five-year statute of limitations period applies to all BIPA claims that assert (1) unlawful collection of biometric data without written notice, or (2) issues relating to storing or transmitting it, or (3) claims involving the company's failure to develop a publicly available retention and destruction schedule.

BIPA claims that allege (1) improper disclosure or (2) improper sale, lease, trade, or profit from biometric data will fall under the one-year limitations period.

"This long-awaited decision provides much-needed clarity for businesses and entities involved in the collection or processing of biometric data that impacts Illinois residents," said Natalie Prescott, practice group associate at law firm  illinois clarifies limitations privacy claims