Skip to main content

Biometric Data Privacy

Your biometric data is invaluable. If your privacy is violated, The Lyon Firm can help.

Request a No-Cost & Confidential Consultation
Nationwide Success

Protect Your Biometric Privacy With The Lyon Firm

A biometric privacy lawyer is knowledgeable in legal matters related to the collection, use, storage, and protection of biometric information — data such as fingerprints, facial recognition info, and iris scans. The Lyon Firm can help you navigate the complex legal issues surrounding biometric data.

American Association for Justice badge

With more and more companies using biometric identifiers at the workplace—fingerprint time clocks, facial recognition technology, and iris scans—privacy rights advocates have been quick to question the legality of some employer biometrics data collection methods.

While new technology may create a more efficient workplace, data privacy risks must be addressed to protect individuals from potential biometric data misuse, data theft, and identity theft incidents. Without robust biometrics privacy laws on the books, many companies have created their own privacy and security standards. These sometimes fail to fully protect individuals, but there are legal protections for American workers.

If your biometric data is being stored unsafely, has been breached and used for identity theft, or if you have questions about the legality of workplace demands to supply your biometric information, we can help. Legal action can also be considered if employers request genetic tests or family medical history as a condition for employment.

Contact The Lyon Firm by using our confidential online form or by calling our offices directly at (513) 381-2333. Joe Lyon of The Lyon Firm is well-versed in cutting-edge litigation related to these new technologies. We can help you assert your privacy rights, file a claim for damages, and pursue a lawsuit to stop the overreach of your job, school, or other institutions into your most personal information.

5 stars
“Joe Lyon is an outstanding attorney. He is a forward thinker with his clients’ needs always top of mind. He is a brilliant strategist and incredibly resourceful. Highly recommend.”

– Melissa J. | Client

Why Is Biometric Data Privacy Important?

Biometric data is any personal information that can identify you based on physical characteristics or behaviors. It’s becoming more common in today’s world, used for everything from unlocking your phone to security systems at work. 

Basically, biometric data includes unique traits that make you, you. These can be physical features or patterns in the way you act. Examples include:

  • Fingerprints (including palm prints)
  • Finger and hand geometry 
  • Gait (the way you walk, run, or carry yourself)
  • Keystrokes (typing)
  • Signatures
  • Voice
  • Facial recognition
  • Iris or eye scans

What Is Considered a Biometric Privacy Breach?

A biometric data breach occurs when unauthorized individuals or entities gain access to, acquire, or misuse biometric information. Misuse could mean compromising the security, privacy, or integrity of your biometric data for any reason that you have not consented to, such as illegal identity theft or marketing data collection.

Here are some key elements that typically define a biometric data breach:

  • Data theft or disclosure: Unauthorized disclosure or theft of biometric data constitutes a breach. This means that the biometric information is exposed to individuals or entities that should not have access to it.
  • Data misuse: If the stolen or accessed biometric data is used for fraudulent purposes, such as identity theft, unauthorized access to secure systems, or other malicious activities, it is considered a breach.
  • Unauthorized access: Unauthorized access to biometric data is a fundamental aspect of a breach. This can involve hackers, malicious insiders, or any entity that gains access to biometric data without proper authorization.
  • Data acquisition: In a biometric data breach, the perpetrator may acquire the biometric data without the owner’s consent. This could involve stealing data from a database, capturing biometric data from a compromised device (like a cell phone), or intercepting data during transmission.
  • Failure to secure data: A biometric data breach can occur due to a failure on the part of the organization or entity responsible for safeguarding the data. This might involve inadequate security measures, poor encryption, or negligence in protecting the biometric information.
  • Legal or regulatory non-compliance: Many jurisdictions have specific laws and regulations governing the collection, use, and protection of biometric data (examples include BIPA in Illinois, CCPA in California). A breach that violates these laws can have legal consequences for the responsible entity.

Any of these breaches may be a violation you can file a legal claim over. Contact The Lyon Firm by calling (513) 381-2333 or filling out our online form to schedule a 100% free, fully confidential consultation regarding your options.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.

ABOUT THE LYON FIRM

Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.

NO COST UNLESS WE WIN

The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.

Why Should I Care About Biometric Data Security?

Biometric data breaches are significant because biometric information like fingerprints, facial recognition data, and iris scans are unchangeable parts of your identity.

This info is highly personal to individuals, and may become more important in the coming years for healthcare, identifying yourself with the government, or traveling internationally. Plus, unlike a password or PIN, biometric data is unique to you and can’t easily be changed. If someone gets access to your biometric information, it can be used in ways that are very hard to reverse.

An irresponsible or malicious breach now could have serious financial and personal consequences in the future. Biometric privacy concerns include:

  • Biometric Identity Theft: If your biometric data is stolen, it could be used to access secure systems, like your bank account, personal devices, or even identity documents. Unlike credit cards or passwords, your fingerprints or face can’t be “reset.”
  • Tracking and Surveillance: Some companies or even governments use biometric data for surveillance purposes. This can infringe on your privacy and potentially track your every move without you even knowing about it.
  • Security Breaches: Data breaches are on the rise, and biometric data is an attractive target for hackers. If breached, this data can be misused and is hard to recover since biometric traits are permanent. 

In 2024, over 1.7 billion data breach notices were issued across the United States, according to a report from the Identity Theft Resource Center (ITRC). This staggering figure represents a 312% increase from the 419 million notices sent in 2023. 

As breaches become more frequent, the risk to sensitive information, such as biometric data, increases, leaving individuals exposed to not just identity theft, but also potential financial fraud and unauthorized surveillance.

What Biometric Privacy Laws Exist to Protect My Data?

The use of biometric data is rapidly rising, and by 2025, the global biometric system market is expected to hit nearly $68.6 billion. However, with biometric data collection growing, the risks to your privacy are increasing.

In fact, by 2022, biometrics were enabled on 81% of smartphones, and by 2023, roughly 46% of airport passengers used biometrics for a quicker and smoother travel experience, up from 34% in 2022. Additionally, over 176 million Americans now use facial recognition technology. 

While these advancements make life more convenient, they also raise significant privacy concerns. The more widespread biometric technology becomes the greater the potential for misuse or exposure of your sensitive data. To protect your privacy, several states have adopted biometric data laws, such as the: 

  • Biometric Information Privacy Act (BIPA): Passed in Illinois in 2008, BIPA requires companies to get your consent before collecting biometric data, and it also mandates that they explain how the data will be used, stored, and destroyed. This law also gives individuals the right to sue if their biometric information is used without permission.
  • GIPA (Illinois Genetic Information Privacy Act): a statute meant to prohibit employers from requesting genetic testing and family medical histories as a condition for employment.
  • California Consumer Privacy Act (CCPA): Under the CCPA, businesses that collect personal information (including biometric data) must be transparent about the data they collect and allow consumers to opt out of its sale. Biometric data is defined in the CCPA to include physiological, biological, or behavioral characteristics, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings.
  • Stop Hacks and Improve Electronic Data Security (SHIELD) Act: New York passed this act to broaden the definition of private information to include biometric information. The law applies specifically in the employment context and prohibits fingerprinting “as a condition of securing employment or of continuing employment.”
  • Biometric Identifier Act: Texas has its own biometric privacy act which provides that a person cannot capture a biometric identifier without a prior consent and may not sell biometric data without consent. A company or person must use reasonable care in storing it, and “shall destroy the biometric identifier within a reasonable time.” Violators may face a civil penalty of $25,000 for each violation.
  • Biometric Privacy Protection Act: Washington passed biometric privacy legislation in 2017. The law prohibits any company or individual from entering biometric data into a database for a commercial purpose without providing notice, obtaining consent, or providing a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose.

Even with these laws in place, biometric privacy isn’t guaranteed. Data breaches are happening all the time, and hackers are constantly looking for ways to steal sensitive information, including biometric data. 

Also, many companies don’t fully comply with these laws, and enforcement can be weak. In some cases, it may take years for the legal system to catch up to the ever-evolving technology used to collect biometric data.

Can I File a Lawsuit If My Biometric Data Was Compromised?

Depending on your situation and how many people are affected, your attorney from The Lyon Firm may file an individual lawsuit on your behalf, or include you in a larger class action case:

  • In an individual lawsuit, your lawyer will typically negotiate a resolution outside of court, which may involve monetary compensation for damages, injunctive relief (requiring the responsible party to change its practices), or other legal remedies. The goal of an individual lawsuit is to resolve the matter without the need for a lengthy trial. It provides a more tailored solution for your specific situation. 
  • Class action lawsuits are filed when multiple individuals are affected by the same biometric data privacy violation and need the same solution. In these cases, a lawyer may file a class action lawsuit on behalf of a group of plaintiffs, resulting in larger payouts, quicker resolution, and fewer attorney fees.

Several companies have already faced legal action over biometric data violations, such as: 

No matter which path you choose, individual or class action, an experienced attorney from The Lyon Firm will guide you through the process, explain your data privacy rights, and help you understand what options will best serve you going forward. 

Even in today’s modern digital age, biometric data security is not something to be taken lightly. The unique nature of biometrics makes it extremely vulnerable to misuse. If your biometric data privacy was compromised, reach out to The Lyon Firm today online or by calling (513) 381-2333.

What Kind of Settlement Can Your Lawyer Secure Under Biometric Privacy Laws?

Here are some common remedies that a biometric invasion of privacy lawyer may seek on your behalf:

  • Fees per violation (statutory damages): Many biometric privacy laws allow individuals to seek statutory damages for each violation. These damages are typically set at a specific amount per violation, which can add up if multiple violations are proven.
  • Individual losses (actual damages): Individuals may be entitled to seek actual damages based on financial losses or other harm suffered as a result of the biometric privacy violation, like identity theft. A lawyer’s investigation and presentation of evidence will be essential to ensure all your losses are properly compensated.
  • Stop the wrongdoing (injunctions): A lawyer may seek injunctive relief to stop the defendant from continuing to collect, use, or store biometric data unlawfully. An injunction can be a powerful remedy to prevent further violations.
  • Deletion of biometric data (destruction): In some cases, individuals may seek an order requiring the defendant to delete or destroy the unlawfully collected biometric data to protect their privacy.
  • Handing over ill-gotten profits (equitable relief): Equitable remedies, such as returning or forfeiting profits obtained through the unlawful use of biometric data, may be sought to compensate individuals for the harm caused by the violation.

The specific outcome of a biometric privacy lawsuit and the type of settlement obtained will depend on the facts of the case, the strength of the evidence, and the negotiation skills of your lawyer.

Having an experienced data privacy lawyer on your side can significantly improve the outcome of your biometric data lawsuit, especially during negotiations. 


According to a 2016 Martindale-Nolo study, 70% of individuals who held out for a better deal in negotiations received settlements that were several times greater than those who accepted the first offer. A skilled lawyer can leverage their experience to ensure you don’t settle for less than what you’re entitled to.

Contact The Lyon Firm for Your Biometrics Privacy Concerns 

Data privacy concerns are being litigated more and more frequently as technology advances. These include workplace-related claims, as well as lawsuits over doorbell camera surveillance, health app data misuse, Facebook/Meta collection, storage, and usage of identifying biometric information.

To be clear, businesses aren’t prohibited from collecting the biometric data of their employees or clients, but they are required to disclose that they collect this data and must make their data collection policies public. Businesses are prohibited from selling your biometric data information without your consent and must create security systems to keep it secure.

Why Hire The Lyon Firm?

The Lyon Firm has nearly two decades of experience diligently identifying and pursuing biometrics invasion of privacy cases. Joe Lyon works with leading law firms across the country and challenges multi-national corporations in various negligent security cases.

We are actively reviewing cases for employer invasion of privacy on behalf of employees nationwide, as well as biometrics data theft violations that may qualify for large class action lawsuits. Our dedicated team has secured several substantial victories for victims of biometric data privacy breaches, including: 

  • Sherwood v. Horizon Actuarial: The Lyon Firm was part of the Plaintiffs’ Counsel in a data breach class action affecting over 4 million individuals, resulting in a final approval for an $8.7 million settlement.
  • Migliaccio v. Parker Hannifin Corp.: Appointed co-lead class counsel in a data breach class action involving 115,843 current and former employees, resulting in a final approval for a $1.75 million settlement.

An organization does not need to be located in your specific state to be subject to your state’s data privacy laws. This means national and international entities can be held liable for violations, like apps on your phone, or businesses that sell surveillance technology.

If you feel like your personal data has been collected without your consent, has been stored improperly, or has been leaked or accessed in a data breach, contact The Lyon Firm at (513) 381-2333 or fill out our quick online form today. Learn more about your privacy rights during your free, fully confidential consultation, and file a claim to seek justice for data privacy violations.

photo of biometrics data privacy attorney Joe Lyon

Reviewing Workplace Data Privacy Violations

Why Are Data Privacy Cases Important?

Without personal data privacy violation class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty. By holding companies accountable for safely storing your personal information, every consumer will have more control over how their data is used in the future.

CONTACT THE LYON FIRM TODAY

  • This field is for validation purposes and should be left unchanged.

Biometric Invasion of Privacy FAQs

What Are The Most Common Types Of Biometric Personal Data?

The most common biometric identifiers used for identification are fingerprints, photo and video facial recognition, and voice and signature scanners. Also, though rarely used at the moment, soon DNA scanners will become more affordable and enter into widespread commercial use.

What Are Examples Of Biometric Data Breaches?

Examples of biometric data breaches may include:

  • A security breach at a company that stores customer biometric data, leading to the unauthorized access of that data.
  • Theft or loss of a device (e.g., a smartphone) containing biometric data without proper encryption or security measures in place.
  • Unauthorized use of biometric data for identity theft or fraudulent access to secure systems.
  • An organization sharing biometric data with third parties without proper consent or security measures in place, leading to data exposure.

In the event of a biometric data breach, organizations are typically required to notify affected individuals and regulatory authorities, investigate the breach, and take measures to mitigate the impact and prevent future breaches. Failure to respond appropriately can result in legal and financial consequences that your lawyer can outline for you.

Why Are Employers Asking For Biometric Information?

American employers utilize employees’ biometric information to monitor working hours, restrict access to secure areas, provide fast system login, and monitor productivity and prevent wage theft. An employer should clarify the following in their personal data biometrics privacy policy:

  • The kinds of personal information collected and stored
  • The methods of how personal information is collected and stored
  • The purposes for which personal data is collected and used
  • How an employee may access their own personal data
  • How an individual may file a complaint if the employer breaches their privacy policy or privacy law

Corporations and businesses risk compliance issues if they fail to get proper consent from employees or fail to safeguard the biometrics they collect and store. In certain states employers can be sued for even requesting genetic testing or family medical history documents.

What Are Examples Of Settlements Employees Have Won For Biometric Data Breaches?

Here are notable examples of employee victories after workplace biometric data violations:

  • Walmart agreed to a $10 million settlement to nearly 22,000 workers over claims that the company required them to use a palm-scanning biometric device without obtaining written consent.
  • CONSOL Energy and Consolidation Coal Company was ordered to pay over $500,000 in damages to one Pittsburgh employee after he was illegally fired for refusing to use the employer’s biometric hand scanner to clock in and out.
  • GFL Environmental Services USA, a waste management company, agreed to settle a class action lawsuit filed by employees alleging that they failed to secure consent before obtaining palm print data for timekeeping. The settlement was for $200,000, with each class member expecting to receive approximately $1,500.

If your biometric data is being mishandled, contact The Lyon Firm at (513) 381-2333 to discuss your circumstances and explore your legal options.

Your Right to Justice
Learn About Class Action Litigation

Filing Class Action lawsuits is a complex and serious legal course and can carry monetary sanctions if proper legal course is not followed. The Lyon Firm is dedicated to assisting injured plaintiffs work toward a financial solution to assist in compensating for privacy violations or other damages sustained.

We work with law firms across the country to provide the most resources possible and to build your data privacy case into a valuable settlement. The current legal environment is favorable for workers and consumers involved in data privacy class actions.

data breach lawsuits
Discover the Ways We Can Help

Class Action Information Center