Old Dominion accused of violating Illinois’ Biometric Information Privacy Act

A class action lawsuit has been filed against Old Dominion Freight Line for allegedly violating Illinois’ Biometric Information Privacy Act.

The lawsuit was filed on April 6 by John Kararo, an employee of Old Dominion. Kararo claims that the Thomasville, N.C., trucking company collected and stored biometric data without his consent, a violation of the Biometric Information Privacy Act.

Biometric Information Privacy Act

Enacted in 2008, Illinois’ Biometric Information Privacy Act regulates the collection, use, safeguarding, handling, storage, retention and destruction of biometric identifiers and information, according to the complaint.

A “biometric identifier” is defined as “a retina or iris scan, fingerprint, voiceprint or scan of hand or face geometry.”

The Biometric Information Privacy Act “prohibits private entities from collecting, capturing, purchasing, receiving through trade or otherwise obtaining a person’s biometric information unless the private entity:

1. Informs that person in writing that identifiers and information will be collected and/or stored.
2. Informs the person in writing of the specific purpose and length for which the identifiers or information is being collected, stored or used.
3. Receives a written release from the person for the collection of that data.
4. Publishes publicly available written retention schedules and guidelines for permanently destroying said data.

Old Dominion time clock system

Old Dominion required employees to use a time clock that collected and stored biometric data.

Specifically, employees had to scan their fingerprint in order to use the time clock. In doing so, Old Dominion’s time clock system “used, captured, collected and/or stored the ‘biometric identifiers’” of Kararo and other employees.

According to the complaint, Old Dominion does not maintain a public policy regarding its data retention and destruction protocols as required by the Biometric Information Privacy Act.

The lawsuit further alleges that Old Dominion did not satisfy the other three requirements spelled out in the Biometric Information Privacy Act, which essentially requires written consent before obtaining biometric information.

According to the lawsuit, Old Dominion attempted to secure Biometric Information Privacy Act consent forms within a week before the complaint was filed. Old Dominion is accused of offering employees $500 in an attempt to collect the consent forms.

Old Dominion could not be reached for comment.

Other Biometric Information Privacy Act lawsuits

Old Dominion is not the first transportation company facing a lawsuit alleging violations of the Biometric Information Privacy Act.

Last October, BNSF Railway was ordered to pay a class of truckers more than $200 million for violating the Biometric Information Privacy Act. At BNSF facilities, truckers were required to register their biometric identifiers and/or biometric information into biometrically enabled “Auto-Gate Systems” that partially control entrances and exits at the facilities.

Two years ago, Union Pacific Railroad was faced with a class action lawsuit filed by truckers alleging the company violated the Biometric Information Privacy Act. According to the complaint, truckers were required to scan their biometric identifiers into biometrically enabled identity kiosks.

In 2019, thousands of truckers who hauled freight out of an Illinois terminal for CSX Intermodal sued the company for violating their privacy by collecting fingerprint data. Required to use fingerprints to access terminals, plaintiffs accuse the company of violating Illinois’ Biometric Information Privacy Act. LL