Privacy & Cybersecurity Law Blog

On December 20, 2022, a former employee in Illinois brought a class action suit against Five Guys Enterprises, LLC (“Five Guys”), a burger chain, alleging that Five Guys violated the Illinois Biometric Information Privacy Act (“BIPA”). 

According to the complaint filed in the Northern District of Illinois Eastern Division, Five Guys utilizes a time clock system that require employees to scan and input their fingerprints or thumbprints to log in and out of the time clock system. The suit was brought by a former shift manager and the proposed class includes all current and former employees of Five Guys in Illinois, who had their biometric information or biometric identifiers collected, captured and otherwise obtained by Five Guys’ fingerprint or thumbprint based time clock technology within the last five years.  

Five Guys allegedly failed to obtain informed written consent from its employees prior to the collection of their biometric identifiers or biometric information in violation of BIPA. The complaint further alleges that Five Guys failed to develop and publish written policies regarding the retention and destruction of biometric identifiers and biometric information, as is required by BIPA. In addition, the complaint alleges that Five Guys does not destroy biometric identifiers or biometric information after the “initial purpose for collecting or obtaining such identifiers or information has been satisfied,” as required by BIPA. In effect, Five Guys’ failure to comply with BIPA has allegedly resulted in the unlawful retention of the plaintiff and proposed class members’ biometric identifiers and biometric information and resulted in harm to such individuals. 

Under BIPA, a prevailing party may recover liquidated damages of $1,000 or actual damages, whichever is greater, against an entity that negligently violates the law. If the entity intentionally or recklessly violates BIPA, the prevailing party may recover liquidated damages of $5,000 or actual damages, whichever is greater. The complaint states, “[g]iven the length of the plaintiff’s employment with [Five Guys], and the number of times plaintiff’s biometric information was used by [Five Guys’] biometric time clock system, the plaintiff could recover more than $75,000 in statutory damages by merely using [Five Guys’] technology a minimum of seventy-five (75) times.”