Skip to content Skip to navigation

Kimpton Hotel Biometric Fingerprint Data Storage Class Action

Share
Fingerprint

Would you feel comfortable giving your fingerprints to your employer, so they can be used to clock you in and out in place of a timecard? If the thought makes you uneasy, you’re not alone. Illinois law has already begun regulating the taking, retention, and use of such “biometric data.” The complaint for this class action alleges that a hotel chain did not follow these regulations.

The action proposes a class and a subclass. The class includes all individuals whose biometrics were captured, obtained, stored, or used by IHG within the state of Illinois any time within the applicable limitations period. The subclass includes all individuals whose biometrics were captured, obtained, stored, or used by Kimpton within the state of Illinois any time within the applicable limitations period.

A “biometric identifier” is any personal feature that is unique to individuals, such as DNA or a fingerprint. “Biometric information” includes any information based on such identifiers, such as copies of fingerprints, iris scans, palm scans, or DNA information, that is captured, stored, or otherwise used to identify individuals. The storage of biometric information can be a worrisome topic, the complaint claims: If someone steals your social security number, for example, you can cancel it and apply for a new one, but what do you do when someone steals your fingerprints? 

According to the complaint, Illinois law requires that companies that wish to use individuals’ biometric information must do three things.

  • They must inform the individual in writing that such data will be collected and stored;
  • They must inform the individual of the purpose and length of time for which it will be stored and used; and
  • They must obtain a written release from the individual for the collection of their information.

In addition, they must develop a written policy that is available to the public that establishes a retention schedule and guidelines for destroying biometric information, within three years of the last interaction with the individual or when the purpose for gathering the information has been satisfied.

Plaintiff Eric Zepeda worked at Kimpton Hotels, a subsidiary of Intercontinental Hotels Group, Inc. According to the complaint, at the beginning of his tenure, the hotel used standard means of timekeeping, such as scanning ID cards, but in or about 2014 switched to using fingerprints. The complaint claims that, prior to taking Zepeda’s fingerprint data,

  • The company did not inform him in writing of what was happening,
  • It did not inform him of the purpose and length of time the information would be stored and used;
  • It did not obtain a written release from him for the collection of the information; and
  • It did not create any publicly-available policy about the retention or destruction of the information.

The complaint also contends that if the hotel uses out-of-state, third-party vendors to operate their biometric program, each transmission of information constitutes a violation of law, since the hotel did not obtain Zepeda’s consent to share the information with a third party. 

Article Type: 
Topic: 

Free Case Evaluation

Fill out the information for a FREE and prompt case evaluation.

About you

Additional Information

Latest Tweets

Join Us on Facebook