Old Dominion tells federal court to dismiss biometric privacy lawsuit

June 21, 2023

Tyson Fisher

|

Old Dominion Freight Line is challenging a lawsuit claiming it violated Illinois’ Biometric Information Privacy Act.

On June 16, Old Dominion asked a federal court in Illinois to dispose of a class action lawsuit centered on the company’s time clock system. The lawsuit claims that the trucking company fails to “adhere to a publicly available retention and destruction schedule for biometric identifiers and biometric information.” Furthermore, the lawsuit alleges that the company fails “to obtain informed consent and releases before obtaining individuals’ alleged biometric identifiers and biometric information.”

However, Old Dominion has recently filed some counterclaims. To start, plaintiffs allege that the company “does not destroy ‘biometric identifiers’ or ‘biometric information’ ‘within three years of the individual’s last interaction with Old Dominion.” However, several of the plaintiffs are current employees.

“Even if accepted as true for purposes of this motion – which Old Dominion does not concede – plaintiffs cannot plausibly sustain an actual injury, if any injury at all, until Old Dominion has an obligation to destroy plaintiffs’ alleged biometric information or identifiers and fails to do so,” the company states in its June 16 motion.

Old Dominion also claims that it does have a privacy policy in place. The company claims that the policy makes all disclosures necessary under the Biometric Information Privacy Act.

Biometric Information Privacy Act

Enacted in 2008, Illinois’ Biometric Information Privacy Act regulates the collection, use, safeguarding, handling, storage, retention and destruction of biometric identifiers and information, according to the complaint.

A “biometric identifier” is defined as “a retina or iris scan, fingerprint, voiceprint or scan of hand or face geometry.”

The Biometric Information Privacy Act “prohibits private entities from collecting, capturing, purchasing, receiving through trade or otherwise obtaining a person’s biometric information unless the private entity:

  • Informs that person in writing that identifiers and information will be collected and/or stored.
  • Informs the person in writing of the specific purpose and length for which the identifiers or information is being collected, stored or used.
  • Receives a written release from the person for the collection of that data.
  • Publishes publicly available written retention schedules and guidelines for permanently destroying said data.

Old Dominion time clock system

Old Dominion required employees to use a time clock that collected and stored biometric data.

Specifically, employees had to scan their fingerprint in order to use the time clock. In doing so, Old Dominion’s time clock system “used, captured, collected and/or stored the ‘biometric identifiers’” of Kararo and other employees.

According to the complaint, Old Dominion does not maintain a public policy regarding its data retention and destruction protocols as required by the Biometric Information Privacy Act.

The lawsuit further alleges that Old Dominion did not satisfy the other three requirements spelled out in the Biometric Information Privacy Act, which essentially requires written consent before obtaining biometric information.

According to the lawsuit, Old Dominion attempted to secure Biometric Information Privacy Act consent forms within a week before the complaint was filed. Old Dominion is accused of offering employees $500 in an attempt to collect the consent forms.

Old Dominion could not be reached for comment.

Other Biometric Information Privacy Act lawsuits

Old Dominion is not the first transportation company facing a lawsuit alleging violations of the Biometric Information Privacy Act.

Last October, BNSF Railway was ordered to pay a class of truckers more than $200 million for violating the Biometric Information Privacy Act. At BNSF facilities, truckers were required to register their biometric identifiers and/or biometric information into biometrically enabled “Auto-Gate Systems” that partially control entrances and exits at the facilities.

Two years ago, Union Pacific Railroad was faced with a class action lawsuit filed by truckers alleging the company violated the Biometric Information Privacy Act. According to the complaint, truckers were required to scan their biometric identifiers into biometrically enabled identity kiosks.

In 2019, thousands of truckers who hauled freight out of an Illinois terminal for CSX Intermodal sued the company for violating their privacy by collecting fingerprint data. Required to use fingerprints to access terminals, plaintiffs accuse the company of violating Illinois’ Biometric Information Privacy Act. LL