BIPA: How it May Affect You

Does your employer require your fingerprint when you clock in for work? That fingerprint is considered private biometric information. BIPA is the Illinois law that protects its use. Experts Lee Neubecker and David Rownd share how this law affects employers that have Illinois based employees.

Biometric Information Privacy Act (BIPA) is a law that covers the employer’s use of biometric information of its employees. Biometrics are the physiological means to gather an individual’s uniqueness. The oldest most widely used is a fingerprint but other biometric identifiers may be also used such as; facial recognition, photos, retina scan, voice recognition, ear shape, and hand scans all are considered private biometric information. The Illinois BIPA law is designed to govern, secure, store and prohibit the sale of biometric information. Forensic Expert Lee Neubecker and David Rownd from Vedder Price discuss how BIPA may affect employers that have satellite offices in Illinois.

Part 1 of a 3 Part Series on Illinois’ Biometric Information Protection Act

The Video Transcript on BIPA: How It May Affect Employers in Illinois.

Lee Neubecker (LN): Hi I am here again with David Rownd from Vedder Price. Thanks for being on the show David

David Rownd (DR): Thanks for having me

LN: David is an attorney that specializes in defending class action lawsuits also employment litigation, trade secret theft, and misappropriation. I asked him to come on the show today to talk a little bit about BIPA which is the Illinois Biometric Information Protection Act and specifically he deals with a lot of trading security-related financial services firms and since that law applies to Illinois and many trading firms in New York have satellite offices I wanted him to talk a little bit about the act and some of the concerns that employers should have if they have employees working in Illinois. So, David, can you tell us a little bit about BIPA what it is and what it entails?

DR: Basically it covers the employers use of biometric information of its employees and this can be a retinal scan it can be a fingerprint it can be a number of different things and it can be used for time cards access to the workplace and things like that and employers are using biometric information because its an easy way to keep track of employees. However, it is also a privacy issue and that’s where the BIPA comes in and BIPA is intended to regulate employers ability to utilize biometric information and put certain requirements on them for notifying employees they are using it and notifying employees why they are using it keeping written records of the biometric information and it specifically prohibits the sale of biometric information to third parties.

LN: It’s especially troublesome too because if you lose your biometric unique identifiers you can’t necessarily get those back unlike a social security number you could replace a social security number but if someone is able to copy your retina scan your fingerprints what not it could cause a lot of permanent damage.

DR: That’s true you only get one of those things

LN: So we will be talking later in the series next well be talking a little bit about what employers should do before they land in trouble with BIPA to help protect against finding themselves embroiled in litigation and then finally we’ll talk a little bit about some of the national happenings with Facebook and other entities who have been en snagged in the BIPA trap and we’ll conclude with there so thanks for being on the show today.

DR: Oh thanks for having me.

View related Employment Litigation articles on our website.

EMR or Electronic Medical Records May Contain Private Biometric Information
Forensic Data Collection can be used in cases where ESI is breached or stolen
Private Biometric Information is Electronically Stored Information (ESI) and governed by BIPA
An individual’s photo is considered biometric information.

Employment Litigation articles

Learn More about Illinois BIPA Litigation

http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57

Protection under BIPA

https://www.vedderprice.com/

Cell Phone Privacy

One can’t overstate how much of our personal lives we reveal to our smartphones and that includes criminals too. Watch this three-part series to learn more.

Introduction of our four-part series on Mobile Phone Privacy and Security.

Cell phone privacy is a real concern for both individual users and law enforcement. Literally, everything you do on your smartphone or any other device is vulnerable and completely defenseless against criminals and sometimes the government. Think about what you have on your phone and how it’s used on a daily basis. All of your personal contacts, photos, videos, text messages, emails, online bank or other accounts, GPS locations data, basically, your history of who, what, where, when and how about yourself all exist on your smartphone. We can’t overstate how much of our personal lives are revealed and how much our cell phones are vulnerable if disclosed to unauthorized parties.

Guess what? Criminals have cell phones too, and their information can lead to not only solving a crime but saving lives. Law enforcement agencies continue to call for access to encrypted communications and devices, while tech companies warn that doing this would weaken the protection and allow potential criminals to take advantage of that same access. Leading computer forensics expert Lee Neubecker, CEO & President of Enigma Forensics discusses the issues relating to cell phone privacy and the government’s desire to have a back door into your smartphone with the Data Diva, Debbie Reynolds of Debbie Reynolds Consulting.

Cell Phone Privacy: Part 1 of 4

The video discussion transcript follows.

Lee Neubecker: Hi, it’s Lee Neubecker again, and I have “the Data Diva”, Debbie Reynolds back on my show again.

Debbie Reynolds: Hi!

LN: Thanks for being on.

DR: Thank you, Lee, for having me. I’m happy to be here.

LN: So we’re going to try something new. Instead of doing a big long eight to ten-minute video clip, we’re going to do a multi-part series, and this one’s going to be on the topic of…

DR: Cell phone forensics and recent incidents in the news having to do with the government asking private companies to unlock or create back doors to cell phones.

LN: Yeah, so cell phone privacy is an issue that many people are concerned about There’s a legitimate national interest in being able to investigate when terrorists use cell phones to conduct attacks. But there are also some concerns that every business should be concerned about if there’s a single back door key because we know the government can’t keep their keys in place. At least that’s what happened to the FBI, the NSA, then other agencies that were breached following the OPM breach.

DR: That’s right.

LN: So in the first segment of our four-video series, were going to be talking about what was reported by the Inspector General’s report from the FBI involving the San Bernardino terrorists when they wanted to get into the cell phone.

DR: Right. And next, we are going to talk about the privacy issues related to the FBI or possibly companies creating back doors, the court issues, the key solutions, and also the imperatives of organizations or companies not wanting to create these types of vulnerabilities in their inventions.

LN: Then you’ll get to hear us banter a little bit about what we think should happen

DR: That’s right.

LN: And then finally, in our last segment, the Pensacola Navy Yard station shooting that happened just this week. The FBI again approached Apple wanting help to get into the phone because they haven’t been able to get into the phone, and they’re wanting to know who else was involved, who they were texting with and whatnot so that they can help prevent other such attacks. So, that will be the wrap-up, and we welcome your comments on the website, your likes, and feel free to check out our video and share it.

DR: Thank you.

LN: Thanks a bunch.

Watch the Next Segment on Cell Phone Privacy: Part 2 of 4 continued

More to read about Cell Phone Vulnerabilities

Robocall Legislative Update

Are robocalls driving you nuts?

Cyber Security & Computer Forensics Expert Lee Neubecker and Data Privacy Expert Debbie Reynolds discuss recent efforts to pass legislation in the House and Senate that would hold telecommunication providers responsible for addressing the ever growing tide of robocalls disrupting consumers and businesses. Existing laws such as the Telephone Consumer Protection Act (TCPA) have proven effective in blocking off shore robocalls. VOIP technology allows for robocall centers to systematically dial U.S. consumers and businesses from beyond the legal reach of our court system. Popular spoofing techniques such as Neighborhood Calling often impersonate the first 6 digits of the call receiver’s phone number in the hope of enticing that call receiver to answer a call. Neubecker and Reynolds both share their frustrations with the current situation and are hopeful the U.S. Senate and the President will take immediate action to pass updated privacy legislation protecting us all from spam robocalls.

The transcript of the video follows:

Lee Neubecker: I’m here today with Debbie Reynolds. We’re going to be talking a little bit about robocall and some new legislation coming our way. Those annoying phone calls we all get on our cellphones.

Debbie Reynolds: That’s right.

Lee Neubecker: Have you gotten any calls where it’s the first six digits of your phone number?

Debbie Reynolds: Yes!

Lee Neubecker: That’s called “neighborhood calling”. And basically, what the bad guys are doing is that they’re using VOIP technology to spoof, and they’re plugging in any number. So they can actually impersonate people you know. But they do this because they think that it increases the likelihood that you’ll answer the phone. In fact, for me, when I see those first six digits, I’m not even going to answer it.

Debbie Reynolds: Oh, absolutely. Absolutely. It’s wrong or what now?

Lee Neubecker: One of the big problems we have is no one’s taking accountability for this. I heard AT&T is trying to force some authentication mechanisms, but there needs to be some more teeth on this so that people can’t just impersonate phone numbers, or we’ll never get through this.

Debbie Reynolds: Absolutely, absolutely. Actually, so, thankfully this law passed, right?

Lee Neubecker: Well, it’s going through. It passed under the House, overwhelmingly

Debbie Reynolds: Overwhelming, yeah.

Lee Neubecker: They’re hoping that… It said it could happen by 2020, perhaps?

Debbie Reynolds: Okay, that’d be good.

Lee Neubecker: But it’s got to… I think they have to reconcile the two bills, the House and senate, and then the President has to sign it. But by the show of votes, I think everyone’s in favor of let’s tackle all these annoying robocalls.

Debbie Reynolds: Absolutely. So the FCC, they really made a lot of headway many years ago on the Do Not Call Registry, so this will be sort of another layer to that, that the FCC is sort of looking at. I don’t know about you, but I’m very annoyed when I get robocalls, so I’m not happy about this. Maybe it will happen after the election, because the election, people like to be robocalled.

Lee Neubecker: I get tons of calls from people wanting to lend me money, They will ring my phone once and then it will hit my voicemail. This woman keeps calling, saying, I want to speak to you. It’s like, and it’s not even a real person, It’s all automated. It’s annoying.

Debbie Reynolds: Oh, my goodness. Well, one interesting thing about the law, or the one that they’re anticipating, or trying to pass, that I haven’t seen in other laws like this, they’re trying to force companies to create technology, to be able to tell a robocall.

Lee Neubecker: The carriers need to enforce it. The carriers have to stop allowing unsecured VOIP to impersonate calls.

Debbie Reynolds: Right. The House does not allow it, but they specifically said they have to create, if it does exist, they have to create some technology to make sure they can tell a robocall from a normal call?

Lee Neubecker: It’s basically like, we’re going to block any call that isn’t using a means of identity verification. Right now, it’s about a bust.

Debbie Reynolds: And they can’t charge for it, so it’s not like an extra fee. I’m sure what’ll happen is they’ll do you another fee and then call it something else, but it’ll be probably just robocalls.

Lee Neubecker: The act also increased the penalty. Current legislation, the TCPA, the Telephone Consumer Protection Act, dealt with spam faxes, calls, and what-not, but the robocall act is going to produce penalties I think to ten thousand dollars each.

Debbie Reynolds: Per incident.

Lee Neubecker: Per incident.

Debbie Reynolds: So that’s a lot.

Lee Neubecker: So that’s going to drive my TCPA consulting business, because that’s work.

Debbie Reynolds: Yeah, absolutely. Well, if it actually makes it, I’m sure the thing about the $10,000 per incident and also, forcing companies to create technology to be able to tell what’s a robocall, corporations or the carriers are probably going to fight that. So, we’ll see.

Lee Neubecker: Yeah. So Debbie, what are the likely impacts on the litigation environment, as you see it? If this legislation goes through?

Debbie Reynolds: Well, first of all, there will be companies that will, uh, I’m sure there will be consumer groups that want to bundle together consumer complaints and probably go after these carriers to try to get these big fines or whatever. So, this could be tying up the legislation for a while. Once the lawyers get their fees, You’ll probably want to get the $10,000 per incident.

Lee Neubecker: It’s going to make it a lot more, in my opinion, they will make it much easier to actually identify who’s behind it, because right now people are using proxy phone numbers to call and many of them are just total scams run out of the country. You can’t– A Nigerian spam call center, we can’t really go after, but if our carriers say they’re going to block these rogue, foreign VOIP connections, then it will make it more secure. Ultimately, you’ll probably have people who opt in to the insecure network, and people who want a secure-only platform where it’s no use calling them.

Debbie Reynolds: I agree.

Lee Neubecker: Thank you for being on the show today. It was great to have you on again. I love your scarf.

Debbie Reynolds: Thank you.

Lee Neubecker: You always have interesting scarves.

Debbie Reynolds: Thank you. A pleasure.

Lee Neubecker: We’ll see you soon.

Debbie Reynolds: Okay, bye bye.

Debbie Reynolds Contact Info

datadiva at debbiereynoldsconsulting dot com
312-513-3665
https://www.linkedin.com/in/debbieareynolds/
https://debbiereynoldsconsulting.com/