bic bipa settlement com

June 24, 2025

Biometric Impressions just agreed to pay $10.85 million over fingerprints. It’s a big deal—not just for the people getting paid, but for any company using biometric tech in Illinois.


What actually happened?

Biometric Impressions Corp. (BIC), a company that runs fingerprinting services, got hit with a class action lawsuit. The problem? Between January 8, 2015, and August 14, 2023, they allegedly collected fingerprints without following Illinois’s strict biometric privacy law—BIPA.

And BIPA doesn’t play around. It says: if a company wants to take your fingerprint, scan your face, or do anything with your unique physical data, they need to ask first—in writing. Not just once. Not buried in fine print. No permission, no data.

BIC didn’t admit guilt. But they did agree to settle. And that’s where the $10.85 million comes in.

Wait—what is BIPA again?

It’s the Biometric Information Privacy Act, passed in Illinois back in 2008. It was ahead of its time. The law treats biometric data—like fingerprints, face scans, iris patterns—as incredibly sensitive.

Why? Because you can’t reset your fingerprint if it leaks. There’s no “change password” button for your face. BIPA makes it illegal for companies to collect, store, or use biometric data without following some very specific rules:

  • Written notice about what data they’re collecting and why.

  • Written consent before collecting anything.

  • A public policy for data retention and destruction.

  • No selling or profiting off biometric data.

Mess this up? You could be looking at $1,000 per person, per violation. If it’s intentional or reckless? That jumps to $5,000. Multiply that by thousands of people and… yeah, now you’re in multimillion-dollar territory.

So who’s getting paid?

Anyone fingerprinted by BIC between 2015 and 2023 could be eligible for a payout. That includes people who had background checks done through their services—often workers in healthcare, public safety, or other regulated fields.

The actual amount each person gets depends on how many people file claims. The $10.85 million fund also has to cover lawyer fees (usually around 30% of the pot), claim processing costs, and some bonuses to the folks who led the lawsuit.

Still, individual payments could land in the hundreds of dollars. Not bad for a fingerprint you didn’t even remember giving.

Why is this such a big deal?

Because this isn’t a one-off. Illinois is ground zero for biometric privacy lawsuits right now. Everyone from tech giants to staffing agencies is being dragged into court under BIPA.

Here are a few examples:

  • Six Flags had to settle for $36 million over fingerprint scan entry systems at the park.

  • Magid Glove paid $5.2 million because of biometric time clocks and temperature checks.

  • Clearview AI, the company that scraped billions of photos off the internet to build a facial recognition database, is giving up 23% of its value in a BIPA settlement.

And more are coming. Any company operating in Illinois and using biometric tools—think employee clock-in systems that scan your hand, or facial recognition in retail—is a potential target.

Can companies still use biometrics?

Yes. But only if they do it right.

That means:

  • Getting written consent from users or employees before collecting any biometric data.

  • Explaining how long the data will be kept and what it’s used for.

  • Making that policy publicly available.

  • Not selling, sharing, or using the data for any reason outside the stated purpose.

The big takeaway? Transparency is mandatory. Companies can’t just sneak in a fingerprint scanner and call it efficiency.

Why should anyone care?

Because it’s not just about corporations or class action settlements. It’s about control. Most people don’t realize how many businesses quietly collect and store biometric data—often without even a heads-up.

Fingerprint time clocks are everywhere now. Facial recognition is being tested in schools, airports, and shopping malls. Even your gym might scan your iris.

This case—and others like it—are a reminder that biometric data isn’t just another line in a spreadsheet. It’s your identity. And if someone mishandles it, the damage could be permanent.

What should employees or users do?

Start asking questions. If your workplace is using a fingerprint scanner or facial recognition, ask:

  • Did I sign a consent form?

  • Is there a written policy somewhere?

  • What happens to my data when I leave the job?

If the answer is fuzzy or dismissive, that’s a red flag.

What should businesses do?

Audit everything. Immediately.

Companies need to:

  • Review every system that collects biometric data.

  • Make sure they’re collecting informed, written consent.

  • Write (and follow) a clear policy about data use and destruction.

  • Keep that policy accessible.

It’s not optional. The lawsuits are too frequent—and too expensive—to ignore. BIC just wrote a $10.85 million check to learn that lesson.

Is this just an Illinois thing?

Right now, yes. BIPA is unique. No other state has anything quite as powerful. But others are catching up.

Texas and Washington have biometric laws, though they’re weaker. California has broader data privacy rules that cover biometrics. And several other states are debating similar bills.

Eventually, this might go national. But even without a federal law, companies operating in Illinois—or dealing with Illinois residents—have to play by BIPA rules.

Bottom line

The BIC settlement isn’t just another class action headline. It’s a signal. If your company handles biometric data in Illinois, the time for shortcuts is over. The law is clear. And courts are siding with individuals.

Fingerprints aren’t free data. That scan at the front desk? It could cost millions.

And companies that don’t get it yet? They’re probably next.