IL HB2838

BIPA-SECURITY PURPOSES



Introduced: 02/05/2025
In Committee: 02/24/2026

Introduced Session

104th General Assembly

Bill Summary

Amends the Biometric Information Privacy Act. Changes the definition of "biometric identifier". Defines "biometric lock", "biometric time clock", "person", and "security purpose". Waives certain requirements for collecting, capturing, or otherwise obtaining a person's or a customer's biometric identifier or biometric information under certain circumstances relating to security purposes. Provides that nothing in the Act shall be construed to apply to information captured by a biometric time clock or biometric lock that converts a person's biometric identifier or biometric information to a mathematical representation. Provides that any person aggrieved by a violation of this Act has a right of action in State court or federal court within one year from its occurrence. Requires the aggrieved person to provide the private entity 30 days' written notice alleging the specific provisions of the Act that have been violated. Provides the private entity 30 days to cure the noticed violation. Exempts a private entity if its employees are covered by a collective bargaining agreement that provides for different policies regarding the retention, collection, disclosure, and destruction of biometric information. Effective immediately.

AI Summary

This bill amends the Biometric Information Privacy Act (BIPA) to provide more flexibility for private entities collecting and using biometric data for security purposes. The bill expands the definition of "biometric identifier" to exclude information converted to a mathematical representation and introduces new terms like "biometric lock" and "biometric time clock". It allows private entities to collect biometric information without prior written consent if done for security purposes, such as preventing theft, investigating fraud, protecting property, or assisting law enforcement, with the condition that the data is used only for those purposes and deleted once no longer necessary. The bill also modifies the right of action for aggrieved individuals by requiring them to provide a 30-day written notice to the private entity before filing a lawsuit, during which time the entity can cure the violation. If the entity provides a written statement that the violation has been addressed and will not recur, the individual cannot seek statutory damages. The bill maintains existing provisions for potential damages, including $1,000 for negligent violations and $5,000 for intentional or reckless violations, and creates exemptions for certain types of biometric data collection, such as those used in time clocks or locks that convert biometric data to an unrecreatable mathematical representation. The bill also exempts private entities with collective bargaining agreements that have different biometric information policies.

Committee Categories

Justice

Sponsors (1)

Last Action

Assigned to Judiciary - Civil Committee (on 02/24/2026)
