January 26, 2023

Volume XIII, Number 26

Advertisement

January 26, 2023

Subscribe to Latest Legal News and Analysis

January 25, 2023

Subscribe to Latest Legal News and Analysis

January 24, 2023

Subscribe to Latest Legal News and Analysis

First Ever BIPA Trial Results in $228 Million Judgment Against BNSF Railway

On October 12, 2022, a federal jury found BNSF Railway, operator of one of the largest freight railroad networks in North America, violated the Illinois Biometric Information Privacy Act (“BIPA”) in the first ever BIPA case to go to trial. In Richard Rogers v. BNSF Railway Company (Case No. 19-C-3083, N.D. Ill.), truck drivers’ fingerprints were scanned for identity verification purposes when visiting BNSF rail yards to pick up and drop off loads. The jury found that BNSF recklessly or intentionally violated the law 45,600 times when it collected such fingerprint scans without written, informed permission or notice.

The outcome of Richard Rogers v. BNSF Railway Company highlights how damages may be calculated in BIPA suits going forward, as well as how companies may be liable for BIPA compliance even where they outsource biometric information collection and processing. Specifically:

  • Damages calculation: BIPA provides for up to $5,000 for every willful or reckless violation and $1,000 for every negligent violation. The jury found that BNSF recklessly or intentionally violated BIPA 45,600 times – the estimated number of drivers whose fingerprints were scanned – to total $228 million in damages against BNSF.

  • Use of vendors for biometric processing: BNSF was found liable for BIPA violations even though it was not the party that collected the fingerprints. BNSF had hired a third party, Remprex LLC, to process the drivers’ fingerprints at its rail yards. The jury found that BNSF was nonetheless responsible for compliance with the law.

View the judgment.

Copyright © 2023, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 292
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement