Skip to main content

Biometric Data Privacy Attorney

The Lyon Firm is actively reviewing Biometrics Data Privacy Class Action Lawsuits on behalf of employees nationwide
Nationwide Success

How Can a Biometric Privacy Lawyer Help You?

A biometric privacy lawyer is knowledgeable in legal matters related to the collection, use, storage, and protection of biometric information — data such as fingerprints, facial recognition info, and iris scans. The Lyon Firm can help you navigate the complex legal issues surrounding biometric data.

With more and more companies using biometric identifiers at the workplace—fingerprint time clocks, facial recognition technology, and iris scans—privacy rights advocates have been quick to question the legality of some employer biometrics data collection methods.

While new technology may create a more efficient workplace, data privacy risks must be addressed to protect individuals from potential biometric data misuse, data theft, and identity theft incidents. Without robust biometrics privacy laws on the books, many companies have created their own privacy and security standards. These sometimes fail to fully protect individuals, but there are legal protections for American workers.

If your biometric data is being stored unsafely, has been breached and used for identity theft, or if you have questions about the legality of workplace demands to supply your biometric information, we can help.

Contact The Lyon Firm by using our confidential online form, or by calling our offices directly at (513) 381-2333. Joe Lyon of The Lyon Firm is well-versed in cutting-edge litigation related to these new technologies. We can help you assert your privacy rights, file a claim for damages, and pursue a lawsuit to stop the overreach of your job, school, or other institutions into your most personal information.

What Is Considered a Biometric Data Breach

A biometric data breach occurs when unauthorized individuals or entities gain access to, acquire, or misuse biometric information. Misuse could mean compromising the security, privacy, or integrity of that data for any reason that you have not consented to, such as illegal identity theft or marketing data collection.

Here are some key elements that typically define a biometric data breach:

  • Data theft or disclosure: Unauthorized disclosure or theft of biometric data constitutes a breach. This means that the biometric information is exposed to individuals or entities that should not have access to it.
  • Data misuse: If the stolen or accessed biometric data is used for fraudulent purposes, such as identity theft, unauthorized access to secure systems, or other malicious activities, it is considered a breach.
  • Unauthorized access: Unauthorized access to biometric data is a fundamental aspect of a breach. This can involve hackers, malicious insiders, or any entity that gains access to biometric data without proper authorization.
  • Data acquisition: In a biometric data breach, the perpetrator may acquire the biometric data without the owner’s consent. This could involve stealing data from a database, capturing biometric data from a compromised device (like a cell phone), or intercepting data during transmission.
  • Failure to secure data: A biometric data breach can occur due to a failure on the part of the organization or entity responsible for safeguarding the data. This might involve inadequate security measures, poor encryption, or negligence in protecting the biometric information.
  • Legal or regulatory non-compliance: Many jurisdictions have specific laws and regulations governing the collection, use, and protection of biometric data (examples include BIPA in Illinois, CCPA in California). A breach that violates these laws can have legal consequences for the responsible entity.

Any of these breaches may be a violation you can file a legal claim over. Contact The Lyon Firm by calling (513) 381-2333 for a free, fully confidential consultation regarding your options.

What Can Be Done With Leaked Biometric Data?
Biometric data breaches are significant because biometric information like fingerprints, facial recognition data, and iris scans are unchangeable parts of your identity.

This info is highly personal and unique to individuals, and may become more important in the coming years for healthcare, identifying yourself with the government, or traveling internationally. An irresponsible or malicious breach now could have serious financial and personal consequences in the future.

What Kind of Settlement Can Your Lawyer Secure Under Biometric Privacy Laws?

Here are some common types of settlements or remedies that a biometric privacy lawyer may seek on your behalf:

  • Fees per violation (statutory damages): Many biometric privacy laws allow individuals to seek statutory damages for each violation. These damages are typically set at a specific amount per violation, which can add up if multiple violations are proven.
  • Individual losses (actual damages): Individuals may be entitled to seek actual damages based on financial losses or other harm suffered as a result of the biometric privacy violation, like identity theft. A lawyer’s investigation and presentation of evidence will be essential to ensure all your losses are properly compensated.
  • Stop the wrongdoing (injunctions): A lawyer may seek injunctive relief to stop the defendant from continuing to collect, use, or store biometric data unlawfully. An injunction can be a powerful remedy to prevent further violations.
  • Deletion of biometric data (destruction): In some cases, individuals may seek an order requiring the defendant to delete or destroy the unlawfully collected biometric data to protect their privacy.
  • Handing over ill-gotten profits (equitable relief): Equitable remedies, such as returning or forfeiting profits obtained through the unlawful use of biometric data, may be sought to compensate individuals for the harm caused by the violation.

The specific outcome of a biometric privacy lawsuit and the type of settlement obtained will depend on the facts of the case, the strength of the evidence, and the negotiation skills of your lawyer.

It’s essential to consult with an experienced biometric privacy lawyer who can assess your case, advise you on potential remedies, and work to secure the best possible settlement on your behalf.

Individual vs. Class Action Lawsuits — What’s the Difference?
Depending on your situation and how many people are affected, your attorney from The Lyon Firm may file an individual lawsuit on your behalf, or include you in a larger class action case:

  • Individual lawsuits are often negotiated outside of court, and can include monetary compensation, injunctive relief, and other remedies, allowing both parties to resolve the dispute without a trial.
  • Class action lawsuits are filed when multiple individuals are affected by the same biometric privacy violation, and need the same solution. In these cases, a lawyer may file a class action lawsuit on behalf of a group of plaintiffs, which can result in larger payouts, quicker resolution, and fewer attorney fees.

Your lawyer will explain all your options so you can decide which is the best path forward for securing justice.

Contact Biometric Privacy Lawyers at The Lyon Firm

Data privacy concerns are being litigated more and more frequently as technology advances. These include workplace-related claims, as well as lawsuits over doorbell camera surveillance, health app data misuse, and Facebook/Meta collection, storage, and usage of identifying biometric information.

To be clear, businesses aren’t prohibited from collecting the biometric data of their employees or clients, but they are required to disclose that they collect this data and must make their data collection policies public. Businesses are prohibited from selling your biometric data information without your consent, and must create security systems to keep it secure.

Why Hire The Lyon Firm?

The Lyon Firm has years of experience in diligently identifying and pursuing biometrics invasion of privacy cases. Joe Lyon works with leading law firms across the country, and challenges multi-national corporations in various negligent security cases.

We are actively reviewing cases for employer invasion of privacy on behalf of employees nationwide, as well as biometrics data theft violations that may qualify for large class action lawsuits. An organization does not need to be located in your specific state to be subject to your state’s data privacy laws. This means national and international entities can be held liable for violations, like apps on your phone, or businesses that sell surveillance technology.

If you feel like your personal data has been collected without your consent, has been stored improperly, or has been leaked or accessed in a data breach, contact Joe Lyon and The Lyon Firm at (513) 381-2333. Learn more about your privacy rights during your free, fully confidential consultation, and file a claim to seek justice for data privacy violations.

photo of biometrics data privacy attorney Joe Lyon

Reviewing Workplace Data Privacy Violations

Why are Data Privacy Cases important?

Without personal data privacy violation class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty. By holding companies accountable for safely storing your personal information, every consumer will have more control over how their data is used in the future. 


  • This field is for validation purposes and should be left unchanged.

Biometric Invasion of Privacy FAQs

What are the different types of biometric personal data?

The most common biometric identifiers used for identification are:

  • Fingerprints: Fingerprint scanners have become the most common biometric tools, used by over 50 percent of American companies.
  • Photo and video facial recognition: Cameras may be used for facial recognition and retinal scans. Some other image-based authentication technology includes hand geometry recognition.
  • Voice recognition & signature scanners: Audio technology has improved in recent years with voice recognition, and digital signature scanners may also be used to authenticate an individual.

Though rarely used at the moment, in the near future DNA scanners become more affordable and enter into widespread commercial use.

What are examples of biometric data breaches?

Examples of biometric data breaches may include:

  • A security breach at a company that stores customer biometric data, leading to the unauthorized access of that data.
  • Theft or loss of a device (e.g., a smartphone) containing biometric data without proper encryption or security measures in place.
  • Unauthorized use of biometric data for identity theft or fraudulent access to secure systems.
  • An organization sharing biometric data with third parties without proper consent or security measures in place, leading to data exposure.

In the event of a biometric data breach, organizations are typically required to notify affected individuals and regulatory authorities, investigate the breach, and take measures to mitigate the impact and prevent future breaches. Failure to respond appropriately can result in legal and financial consequences that your lawyer can outline for you.

Why are employers asking for biometric information?

American employers utilize employees’ biometric information to monitor working hours, restrict access to secure areas, provide fast system login, or monitor productivity and prevent wage theft. An employer should clarify the following in their personal data biometrics privacy policy:

  • The kinds of personal information collected and stored
  • The methods of how personal information is collected and stored
  • The purposes for which personal data is collected and used
  • How an employee may access their own personal data
  • How an individual may file a complaint if the employer breaches their privacy policy or privacy law

Corporations and businesses risk compliance issues if they fail to get proper consent from employees or fail to safeguard the biometrics they collect and store.

What are examples of settlements employees have won for biometric data breaches?

Here are notable examples of employee victories after workplace biometric data violations:

  • Walmart agreed to a $10 million settlement to nearly 22,000 workers over claims that the company required them to use a palm-scanning biometric device without obtaining written consent.
  • CONSOL Energy and Consolidation Coal Company was ordered to pay over $500,000 in damages to one Pittsburgh employee after he was illegally fired for refusing to use the employer’s biometric hand scanner to clock in and out.
  • GFL Environmental Services USA, a waste management company, agreed to settle a class action lawsuit filed by employees alleging that they failed to secure consent before obtaining palm print data for timekeeping. The settlement was for $200,000, with each class member expecting to receive approximately $1,500.

If your biometric data is being mishandled, contact The Lyon Firm at (513) 381-2333 to discuss your circumstances and explore your legal options.

What States Have Biometric Regulations?

Most states have no comprehensive biometric regulations. The following states are exceptions:

  • Texas has its own biometric privacy act which provides that a person cannot capture a biometric identifier without a prior consent, and may not sell biometric data without consent. A company or person must use reasonable care in storing it, and “shall destroy the biometric identifier within a reasonable time.” Violators may face a civil penalty of $25,000 for each violation,
  • Washington passed biometric privacy legislation in 2017. The law prohibits any company or individual from entering biometric data into a database for a commercial purpose without providing notice, obtaining consent, or providing a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose.
  • The California Consumer Privacy Act (CCPA) regulates biometric data by including it in the definition of “personal information.” Biometric data is defined in the CCPA to include physiological, biological or behavioral characteristics, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings.
  • New York has passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which broadens the definition of private information to include biometric information. The law applies specifically in the employment context and prohibits fingerprinting “as a condition of securing employment or of continuing employment.”
  • Arkansas amended existing laws and revised the definition of covered personal information to now include biometric data.

Other states have introduced biometric legislation but most laws have not yet been enacted.

Although some legislation protecting consumers from companies misusing their biometric data has been passed since 2008, class action lawsuits have not been filed until relatively recently. Companies have tried to shift away from potential legal trouble, but many are still toeing the line between legal marketing tactics and invasive schemes.

At the moment, only Illinois has passed biometrics legislation that provides for a private right of action, while Texas, Washington, California, New York, and Arkansas have passed biometric statutes only allow enforcement by the state attorneys general.

Your Right to Justice
Learn About Class Action Litigation

Filing Class Action lawsuits is a complex and serious legal course and can carry monetary sanctions if proper legal course is not followed. The Lyon Firm is dedicated to assisting injured plaintiffs work toward a financial solution to assist in compensating for privacy violations or other damages sustained.

We work with law firms across the country to provide the most resources possible and to build your data privacy case into a valuable settlement. The current legal environment is favorable for workers and consumers involved in data privacy class actions.