Under the Illinois Biometric Information Privacy Act (BIPA), companies using biometric data risk noncompliance and could face significant fines per violation. In June, a federal district court reversed its award of $228 million to a class of plaintiffs alleging breach of BIPA, finding that the amount of damages under BIPA is discretionary, not mandatory.
