| ||||||||||||||||||||||||
| ||||||||||||||||||||||||
| ||||||||||||||||||||||||
| 1 | AN ACT concerning civil law. | |||||||||||||||||||||||
| 2 | Be it enacted by the People of the State of Illinois, | |||||||||||||||||||||||
| 3 | represented in the General Assembly: | |||||||||||||||||||||||
| 4 | Section 5. The Biometric Information Privacy Act is | |||||||||||||||||||||||
| 5 | amended by changing Sections 10, 20, and 25 as follows: | |||||||||||||||||||||||
| 6 | (740 ILCS 14/10) | |||||||||||||||||||||||
| 7 | Sec. 10. Definitions. In this Act: | |||||||||||||||||||||||
| 8 | "Biometric identifier" means a retina or iris scan, | |||||||||||||||||||||||
| 9 | fingerprint, voiceprint, or scan of hand or face geometry. | |||||||||||||||||||||||
| 10 | Biometric identifiers do not include writing samples, written | |||||||||||||||||||||||
| 11 | signatures, photographs, human biological samples used for | |||||||||||||||||||||||
| 12 | valid scientific testing or screening, demographic data, | |||||||||||||||||||||||
| 13 | tattoo descriptions, or physical descriptions such as height, | |||||||||||||||||||||||
| 14 | weight, hair color, or eye color. Biometric identifiers do not | |||||||||||||||||||||||
| 15 | include donated organs, tissues, or parts as defined in the | |||||||||||||||||||||||
| 16 | Illinois Anatomical Gift Act or blood or serum stored on | |||||||||||||||||||||||
| 17 | behalf of recipients or potential recipients of living or | |||||||||||||||||||||||
| 18 | cadaveric transplants and obtained or stored by a federally | |||||||||||||||||||||||
| 19 | designated organ procurement agency. Biometric identifiers do | |||||||||||||||||||||||
| 20 | not include biological materials regulated under the Genetic | |||||||||||||||||||||||
| 21 | Information Privacy Act. Biometric identifiers do not include | |||||||||||||||||||||||
| 22 | information captured from a patient in a health care setting | |||||||||||||||||||||||
| 23 | or information collected, used, or stored for health care | |||||||||||||||||||||||
| |||||||
| |||||||
| 1 | treatment, payment, or operations under the federal Health | ||||||
| 2 | Insurance Portability and Accountability Act of 1996. | ||||||
| 3 | Biometric identifiers do not include an X-ray, roentgen | ||||||
| 4 | process, computed tomography, MRI, PET scan, mammography, or | ||||||
| 5 | other image or film of the human anatomy used to diagnose, | ||||||
| 6 | prognose, or treat an illness or other medical condition or to | ||||||
| 7 | further validate scientific testing or screening. | ||||||
| 8 | "Biometric information" means any information, regardless | ||||||
| 9 | of how it is captured, converted, stored, or shared, based on | ||||||
| 10 | an individual's biometric identifier used to identify an | ||||||
| 11 | individual. Biometric information does not include information | ||||||
| 12 | derived from items or procedures excluded under the definition | ||||||
| 13 | of biometric identifiers. | ||||||
| 14 | "Confidential and sensitive information" means personal | ||||||
| 15 | information that can be used to uniquely identify an | ||||||
| 16 | individual or an individual's account or property. Examples of | ||||||
| 17 | confidential and sensitive information include, but are not | ||||||
| 18 | limited to, a genetic marker, genetic testing information, a | ||||||
| 19 | unique identifier number to locate an account or property, an | ||||||
| 20 | account number, a PIN number, a pass code, a driver's license | ||||||
| 21 | number, or a social security number. | ||||||
| 22 | "Electronic signature" means an electronic sound, symbol, | ||||||
| 23 | or process attached to or logically associated with a record | ||||||
| 24 | and executed or adopted by a person with the intent to sign the | ||||||
| 25 | record. | ||||||
| 26 | "Internet dating service" means a person or entity in the | ||||||
| |||||||
| |||||||
| 1 | business of providing dating, romantic relationship, or | ||||||
| 2 | matrimonial services principally on or through the Internet. | ||||||
| 3 | "Private entity" means any individual, partnership, | ||||||
| 4 | corporation, limited liability company, association, or other | ||||||
| 5 | group, however organized. A private entity does not include a | ||||||
| 6 | State or local government agency. A private entity does not | ||||||
| 7 | include any court of Illinois, a clerk of the court, or a judge | ||||||
| 8 | or justice thereof. | ||||||
| 9 | "Safety purpose" means the purpose of preventing, | ||||||
| 10 | detecting, investigating or responding to actual or suspected | ||||||
| 11 | criminal activity, harassment, or fraud, including spam. | ||||||
| 12 | "Written release" means informed written consent, | ||||||
| 13 | electronic signature, or, in the context of employment, a | ||||||
| 14 | release executed by an employee as a condition of employment. | ||||||
| 15 | (Source: P.A. 95-994, eff. 10-3-08.) | ||||||
| 16 | (740 ILCS 14/20) | ||||||
| 17 | Sec. 20. Right of action. | ||||||
| 18 | (a) Any person aggrieved by a violation of this Act shall | ||||||
| 19 | have a right of action in a State circuit court or as a | ||||||
| 20 | supplemental claim in federal district court against an | ||||||
| 21 | offending party. A prevailing party may recover for each | ||||||
| 22 | violation: | ||||||
| 23 | (1) against a private entity that negligently violates | ||||||
| 24 | a provision of this Act, liquidated damages of $1,000 or | ||||||
| 25 | actual damages, whichever is greater; | ||||||
| |||||||
| |||||||
| 1 | (2) against a private entity that intentionally or | ||||||
| 2 | recklessly violates a provision of this Act, liquidated | ||||||
| 3 | damages of $5,000 or actual damages, whichever is greater; | ||||||
| 4 | (3) reasonable attorneys' fees and costs, including | ||||||
| 5 | expert witness fees and other litigation expenses; and | ||||||
| 6 | (4) other relief, including an injunction, as the | ||||||
| 7 | State or federal court may deem appropriate. | ||||||
| 8 | (b) For purposes of subsection (b) of Section 15, a | ||||||
| 9 | private entity that, in more than one instance, collects, | ||||||
| 10 | captures, purchases, receives through trade, or otherwise | ||||||
| 11 | obtains the same biometric identifier or biometric information | ||||||
| 12 | from the same person using the same method of collection in | ||||||
| 13 | violation of subsection (b) of Section 15 has committed a | ||||||
| 14 | single violation of subsection (b) of Section 15 for which the | ||||||
| 15 | aggrieved person is entitled to, at most, one recovery under | ||||||
| 16 | this Section. | ||||||
| 17 | (c) For purposes of subsection (d) of Section 15, a | ||||||
| 18 | private entity that, in more than one instance, discloses, | ||||||
| 19 | rediscloses, or otherwise disseminates the same biometric | ||||||
| 20 | identifier or biometric information from the same person to | ||||||
| 21 | the same recipient using the same method of collection in | ||||||
| 22 | violation of subsection (d) of Section 15 has committed a | ||||||
| 23 | single violation of subsection (d) of Section 15 for which the | ||||||
| 24 | aggrieved person is entitled to, at most, one recovery under | ||||||
| 25 | this Section regardless of the number of times the private | ||||||
| 26 | entity disclosed, redisclosed, or otherwise disseminated the | ||||||
| |||||||
| |||||||
| 1 | same biometric identifier or biometric information of the same | ||||||
| 2 | person to the same recipient. | ||||||
| 3 | (d) Any violations of this Act by an Internet dating | ||||||
| 4 | service shall be enforced exclusively by the Attorney General. | ||||||
| 5 | (Source: P.A. 95-994, eff. 10-3-08.) | ||||||
| 6 | (740 ILCS 14/25) | ||||||
| 7 | Sec. 25. Construction. | ||||||
| 8 | (a) Nothing in this Act shall be construed to impact the | ||||||
| 9 | admission or discovery of biometric identifiers and biometric | ||||||
| 10 | information in any action of any kind in any court, or before | ||||||
| 11 | any tribunal, board, agency, or person. | ||||||
| 12 | (b) Nothing in this Act shall be construed to conflict | ||||||
| 13 | with the X-Ray Retention Act, the federal Health Insurance | ||||||
| 14 | Portability and Accountability Act of 1996 and the rules | ||||||
| 15 | promulgated under either Act. | ||||||
| 16 | (c) Nothing in this Act shall be deemed to apply in any | ||||||
| 17 | manner to a financial institution or an affiliate of a | ||||||
| 18 | financial institution that is subject to Title V of the | ||||||
| 19 | federal Gramm-Leach-Bliley Act of 1999 and the rules | ||||||
| 20 | promulgated thereunder. | ||||||
| 21 | (d) Nothing in this Act shall be construed to conflict | ||||||
| 22 | with the Private Detective, Private Alarm, Private Security, | ||||||
| 23 | Fingerprint Vendor, and Locksmith Act of 2004 and the rules | ||||||
| 24 | promulgated thereunder. | ||||||
| 25 | (e) Nothing in this Act shall be construed to apply to a | ||||||
| |||||||
| |||||||
| 1 | contractor, subcontractor, or agent of a State agency or local | ||||||
| 2 | unit of government when working for that State agency or local | ||||||
| 3 | unit of government. | ||||||
| 4 | (f) Nothing in this Act shall be construed to apply to an | ||||||
| 5 | Internet dating service, or a provider acting on its behalf, | ||||||
| 6 | while engaged in the collection, capture, processing, | ||||||
| 7 | possession, retention, disclosure, redisclosure, or | ||||||
| 8 | dissemination of biometric information or biometric | ||||||
| 9 | identifiers for a safety purpose. If an Internet dating | ||||||
| 10 | service, or a provider acting on its behalf, collects, | ||||||
| 11 | captures, processes, possesses, retains, discloses, | ||||||
| 12 | rediscloses, or disseminates biometric information for a | ||||||
| 13 | safety purpose, it is exempt from complying with subsections | ||||||
| 14 | (a) through (d) of Section 15. If an Internet dating service, | ||||||
| 15 | or a provider acting on its behalf, collects, captures, | ||||||
| 16 | processes, possesses, retains, discloses, rediscloses, or | ||||||
| 17 | disseminates biometric information for a different purpose, or | ||||||
| 18 | seeks to use or convert for a different purpose biometric | ||||||
| 19 | information that was collected, captured, processed, | ||||||
| 20 | possessed, retained, disclosed, redisclosed, or disseminated | ||||||
| 21 | for a safety purpose, the exemption in this subsection shall | ||||||
| 22 | not apply. | ||||||
| 23 | (Source: P.A. 95-994, eff. 10-3-08.) | ||||||