A lawsuit recently filed against Amazon.com for a violation of the Illinois Biometric Information Protection Act (“BIPA”) should serve as a reminder to all companies engaged in COVID-19-related employee and/or customer scanning that it is important to determine what privacy and cybersecurity laws apply to your screening measures, and confirm that you are engaging in all required practices under those laws.

The recently-filed suit is a class action complaint brought by Michael Jerinic, a former Amazon employee, in the Circuit Court of Cook County, Illinois.  Jerinic alleges that in June 2020, in response to growing safety concerns related to the COVID-19 pandemic, Amazon began requiring its workers to provide a scan of their facial geometry, and possibly other biometric information, as part of a wellness check prior to being allowed access to the warehouse facility each day.  The complaint further alleges that “Defendant’s facial recognition devices and associated software collect and capture biometric identifiers such as scans of an individual’s facial geometry, retinas, and irises.  Defendant also scans and records the workers’ temperatures.”

Jerinic alleges that Amazon’s practices violated BIPA because Amazon did not, inter alia, provide written notice regarding the biometric information being collected or stored.