Client Alerts

Illinois Supreme Court Rules Workers’ Compensation Act Does Not Bar Claims Under BIPA

By: Frances Floriano Goins

About: Cybersecurity & Privacy

February 8, 2022 – The Illinois Biometric Information Privacy Act (BIPA 740 ILCS 14/1 et seq.) requires employers to notify employees and other individuals before collecting their biometric identifiers such as fingerprints (click here to read our last client alert on BIPA). If the employer fails to provide notice first, the affected employee may bring a lawsuit.

But the ability of an employee to bring a claim in court under BIPA seemingly conflicts with the exclusivity provisions of the Illinois Workers’ Compensation Act, which requires employees to bring most employment-related injury claims before the Illinois Workers’ Compensation Commission. Defendants have alleged that the Workers’ Compensation Act (820 ILCS 305/1 et seq.) preempts claims brought under BIPA. This issue was resolved last Thursday by the Illinois Supreme Court in McDonald v. Symphony Bronzeville Park, LLC, 2022 IL 126511 (Feb 3, 2022), which held that the Workers’ Compensation Act does not bar employee claims brought under BIPA.

The plaintiff in McDonald worked at one of the defendants’ post-acute care facilities, which utilized a biometric information system requiring the plaintiff to scan her fingerprint as a means of authenticating her identity and tracking her time. The plaintiff alleged that she was never provided, nor did she sign, a release consenting to storage of her biometric information, and that she had never been informed of the purposes or length of time for which her biometric information was being stored, all in violation of BIPA. The plaintiff brought a putative class action lawsuit in Illinois state court.

The defendants sought to dismiss the lawsuit, arguing the Workers’ Compensation Act precluded the plaintiff’s action in court because the alleged injury occurred in the course of her employment and that it must therefore be adjudicated before the Illinois Workers’ Compensation Commission. Indeed, the Workers’ Compensation Act contains two exclusivity provisions, which the Illinois Supreme Court has indicated “provides the exclusive means by which an employee can recover against an employer for a work-related injury.” But the Illinois Supreme Court has also stated that “an employee can escape the exclusivity provisions of … the [Workers’ Compensation] Act if the employee establishes that the injury (1) was not accidental; (2) did not arise from his employment; (3) was not received during the course of employment; or (4) was not compensable under the [Workers’ Compensation] Act.”

The plaintiff in McDonald argued that the fourth exception to the Workers’ Compensation Act’s exclusive-remedy provision applied, i.e., that her injuries are not “compensable” under the Workers’ Compensation Act. The Illinois Supreme Court agreed, stating “[b]ecause the injury alleged is not the type of injury compensable in a workers’ compensation proceeding, McDonald’s lawsuit is not preempted by the exclusive-remedy provisions of the Compensation Act.” The Court concluded that: “McDonald may pursue her Privacy Act claims on her behalf and on behalf of the putative class in an action in the circuit court, rather than through a claim before the Workers’ Compensation Commission, because McDonald’s and the putative class’s alleged injury is not one that ‘categorically fits within the purview of the [Workers’ Compensation] Act.’”

This case has been followed closely by businesses in Illinois. In fact, multiple employers, including those from the hospitality, energy, manufacturing, and health care sectors, filed briefs as amici curiae in support of the defendants. The Illinois Supreme Court’s decision has now eliminated one potential defense to a BIPA claim, leaving employers more vulnerable to liability if they fail to implement the employee protections BIPA requires.

Ulmer’s Cybersecurity & Privacy Practice Group continues to follow this developing issue. If you have any additional questions, please reach out to our experienced data privacy attorneys.

The information provided in this client alert speaks only to the information and guidance we have available as of the date of publication and is subject to change. We will continue to follow further issued guidance and regulations and endeavor to post those updates via our website. Please continue to follow these updates at This legal update was created by Ulmer & Berne LLP, and is not intended as a substitute for professional legal advice. Receipt of this client alert, by itself, does not create an attorney client relationship. For any questions, or for further information, please contact Frances Floriano Goins at