New York may soon restrict employers and employment agencies from using fully-automated decision making tools to screen job candidates or make other employment decisions that impact the compensation, benefits, work schedule, performance evaluations, or other terms of employment of employees or independent contractors. Draft Senate Bill 7623, introduced August 4, aims to limit the use of such tools and requires human oversight of certain final decisions regarding hiring, promotion, termination, disciplinary, or compensation decisions. Senate Bill 7623 also significantly regulates the use of certain workplace monitoring technologies, going beyond the notice requirements for workplace monitoring operative in New York since May 2022 and introducing data minimization and proportionality requirements that are becoming increasingly common in US state privacy laws.

While there is not yet a federal law focused on AI (the Biden administration and federal agencies have issued guidance documents on AI use and are actively studying the issue), a number of cities and states have introduced bills or resolutions relating to AI in the workplace. These state and local efforts are all at different stages of the legislative process, with some paving the path for others. For example, New York City’s Local Law 144 took effect on July 5, prohibiting employers and employment agencies from using certain automated employment decision tools unless the tools have undergone a bias audit within one year of the use of the tools, information about the bias audit is publicly available, and certain notices have been provided to employees or job candidates (read more here).

If enacted, Senate Bill 7623 would take things much further. Here are some of the most significant implications of the draft legislation:Continue Reading Check Yourself Before You Wreck Yourself: New York and Other States Have Big Plans For Employer Use of AI and Other Workplace Monitoring Tools

The Illinois Supreme Court just handed union employers with broad management rights clauses in their collective bargaining agreements (CBA) a win. On March 23, 2023 the Illinois Supreme Court affirmatively answered a certified question (Does Section 301 of the Labor Management Relations Act preempt BIPA claims asserted by bargaining unit employees covered by a collective

Illinois employers, do you utilize any workforce monitoring or security measures, such as time clocks, that involve individuals’: 

  • Fingerprints
  • Retina or iris scans
  • Scans of hand or face geometry
  • Voiceprints
  • Biometric information (information based on the above that is used by the company to identify an individual)

If so, read ahead because the Illinois Supreme Court just decided that doing so, without strict compliance with the Illinois Biometric Information Privacy Act (BIPA), could be a multi-billion dollar mistake.

In Cothron v. White Castle System, Inc. (issued February 17, 2023), the Court held that a separate BIPA claim accrues each time a private entity scans or transmits an individual’s biometric identifier or information in violation of section 15(b) or 15(d) of BIPA–not just the first time. Employers subject to BIPA now have no margin of error, because noncompliance with sections 15(b) or 15(d) of BIPA could mean cost-prohibitive–even ruinous–damages for the company.Continue Reading BIPA Liability in the Billions? Illinois Employers Beware: Claims Accrue with EACH Separate Scan or Transmission

Employers will now have to contend with a five-year statute of limitations for all employee claims under the Illinois Biometric Information Privacy Act (BIPA). On February 2, 2023, in Tims v. Black Horse Carriers, the Illinois Supreme Court held that a five-year statute of limitations applies to all BIPA claims—even those that are tied to the publication of an individual’s data and could presumably be subject to a one-year limitations period “for publication of matter violating the right of privacy.” The Court held that the legislative intent and purpose of BIPA, and the fact that BIPA does not have its own statute of limitations, favor all BIPA claims being subject to the state’s “catchall” five-year limitations period.

What happened

Plaintiff Tims filed a class-action complaint against his former employer, Black Horse, alleging that Black Horse violated section 15(a) of BIPA (providing for the retention and deletion of biometric information), and sections 15(b) and 15(d) of BIPA (providing for the consensual collection and disclosure of biometric identifiers and biometric information). Specifically, Tims alleged that Black Horse required its employees to use a fingerprint authentication time clock, and that Black Horse violated BIPA because it (1) failed to institute, maintain, and adhere to a publicly available biometric information retention and destruction policy required under section 15(a); (2) failed to provide notice and to obtain employees’ consent when collecting their biometrics, in violation of section 15(b); and (3) disclosed or otherwise disseminated employees’ biometric information to third parties without consent in violation of section 15(d).

Black Horse moved to dismiss the complaint as untimely, arguing that it was barred by the one-year statute of limitations in section 13-201 of the Illinois Code of Civil Procedure (Code). Black Horse argued that claims brought under BIPA concern violations of privacy, therefore the one-year limitations period in section 13-201 governing actions for the “publication of matter violating the right of privacy” should apply to such BIPA claims.

The circuit court rejected Black Horse’s argument, and denied the motion to dismiss. In doing so, the court held that violations of all three sections of BIPA were subject to Illinois’ “catchall” five-year limitations period in section 13-205 of the Code.

The appellate court, however, distinguished the applicable statute of limitations under BIPA based on the type of violation alleged. It held that violations of section 15(c) (prohibiting the sale, lease, trade or other profit from biometric information) and 15(d) (prohibiting the disclosure, redisclosure or dissemination of biometric information) were subject to the one-year limitations period in section 13-201 of the Code, while violations of section 15(a) (requiring a written policy with a retention schedule and guidelines for destroying biometric information), 15(b) (requiring notice and the specific purpose and length of collection of biometric information prior to collection), and 15(e) (requiring confidentiality and protective measures in the storage and transmission of biometric information) were subject to the five-year “catchall” limitations period in section 13-205.Continue Reading One Limitations Period for All: Illinois Supreme Court Holds All Claims Under BIPA Have a Five-Year Statute of Limitations