Privacy & Information Security Law Blog

On February 2, 2023, the Illinois Supreme Court reversed in part and remanded a judgment of the lower appellate court in a class action lawsuit alleging violation of the Illinois Biometric Information Privacy Act (“BIPA”).

In Jorome Tims v. Black Horse Carriers, Inc., Jorome Tims sued his former employer, Black Horse, and alleged that it violated (1) Section 15(a) of BIPA by failing to institute, maintain and adhere to a publicly available biometric information retention and destruction policy; (2) Section 15(b) of BIPA by failing to provide notice and to obtain consent when collecting his biometric information; and (3) Section 15(d) of BIPA by disclosing or otherwise disseminating his biometric information to third parties without consent.

The lower appellate court had ruled that two different limitations periods apply to a cause of action under BIPA: the one-year limitations period in 735 ILCS 5/13-201 (applicable to defamation torts) and the five-year “catchall” limitations period in 735 ILCS 5/13-205. The appellate court reasoned that the one-year limitations period applies to claims based on section 15(c) and 15(d) of the Act where “publication or disclosure of biometric data is clearly an element” of the claim, and the five-year limitations period applies to section 15(a), 15(b), and 15(e) of the Act because “no element of publication or dissemination” exists in those claims.

The Illinois Supreme Court found that the appellate court erred when it applied two different limitations periods to a cause of action under BIPA, and that the five-year limitations period contained in section 13-205 of the Code controls claims under BIPA.

Because BIPA itself does not specify a statute of limitations, this case provides significant guidance to future BIPA cases.