Medline and Con Tech Lighting Latest Illinois Employers Hit With Claims under BIPA

• Two Illinois employers, Con Tech Lighting and Medline Industries, are the latest to face claims alleging violations of Illinois’ Biometric Information Privacy Act.

• In the Con Tech complaint, the named plaintiff, who is seeking class certification, alleges that she was never informed “the specific limited purposes or length of time” for which her biometric information “would be collected, stored or disseminated.” The complaint seeks statutory damages of $5,000 for each willful or reckless violation and $1,000 for each negligent violation of BIPA.

• The complaint against Medline, which also seeks class certification, alleges that the plaintiff, who is no longer employed by the company, has been unsuccessful in getting the company to respond to her attempts to understand whether it maintained her fingerprints after she left the company. According to the complaint, the “[p]laintiff would not have provided her fingerprints to defendant had she known that defendant would retain such information for an indefinite period of time without her consent.”

• Both cases were filed in Cook County Circuit Court.

Class Actions

Class Action Filed Against Ticketfly for May Breach

  • Eventbrite Inc., the parent company for online ticket retailer Ticketfly, was sued in Illinois state court for a data breach that exposed the names, addresses, phone numbers, emails and passwords of approximately 26 million Ticketfly users.
  • According to the complaint, Ticketfly failed to adequately inform users about the incident, but simply established a “passive support page” and sent out a “single Tweet” to notify users about the incident.
  • The suit alleges breach of contract, negligence and violations of the Illinois consumer protection act, and seeks, in addition to class certification, unspecified damages and identity fraud monitoring and mitigation services “for a reasonable period of time.”

Data Breaches

Canadian-Based Recipe Unlimited Hit With Data Breach Affecting Point-of-Sale Terminals

  • Canadian restaurant chain Recipe Unlimited, which runs Swiss Chalet, Harvey’s, Milestones, Kelseys, Montana’s, Bier Markt, East Side Mario’s, The Landing Group of Restaurants and Prime Pubs, announced a data security incident that affected a “limited number” of its locations.
  • Reported as a “malware outbreak,” the company is “working diligently with third-party security experts and internal teams to resolve the situation as quickly and effectively as possible.”
  • Despite affecting the company’s point-of-sale terminals at various locations, preventing the processing of credit cards, it is unclear whether customers’ credit card data was accessed as part of the incident.

Federal Trade Commission

Senators Markey and Blumenthal Ask for Probe Under COPPA

  • Democratic Senators Markey (Mass.) and Blumenthal (Conn.) sent a letter to the Federal Trade Commission requesting the FTC investigate app developers, advertising companies and app stores for potential violations of the Children’s Online Privacy Protection Act (COPPA).
  • The senators raised concerns about recent research that suggests that “numerous apps directed at children have been accessing geolocation data and transmitting persistent identifiers without parental consent.”
  • The senators were especially concerned about “the practice of apps being improperly promoted as kid friendly when in fact the app engages in activity prohibited by COPPA.”


Facebook Under Scrutiny by Irish Data Protection Watchdog

  • Ireland’s Data Protection Commission (DPC) announced that it commenced an investigation into Facebook after Facebook’s announcement of a breach that allowed unauthorized access into approximately 50 million users’ accounts.
  • According to the DPC, Facebook informed the DPC that its “internal investigation is continuing and that the company continues to take remedial actions to mitigate the potential risk to users.”
  • Under GDPR, which allows regulators to fine companies as much as 4 percent of annual global turnover, Facebook could be subject to a fine of as much as $1.63 billion.