Illinois employers are facing a new compliance challenge: how to monitor remote workers without violating the Biometric Information Privacy Act (740 ILCS 14/). As more employees work from home on company laptops, employers are increasingly using facial recognition logins, identity verification scans, keystroke-tracking tools, and productivity-monitoring software.
Regardless of an employee's location, BIPA’s strict consent, storage, and disclosure rules remain applicable. A seemingly harmless remote-work tool can trigger statutory damages of $1,000 to $5,000 per scan, making surveillance of off-site workers one of the riskiest areas of Illinois employment law today. If you are an Illinois employer with remote or hybrid employees, you must consult with a Schaumburg, IL employment law attorney to ensure you remain in compliance with BIPA.
The Illinois Biometric Information Privacy Act was enacted in 2008 and regulates how private companies collect, use, and store biometric data. To stay in compliance, Illinois companies must provide written notice regarding the purpose of the data and the duration of its use. They must also get written consent before collecting the data. BIPA also prohibits companies from profiting from the data collected and gives individuals the right to sue for violations.
All companies must develop a policy on data retention and permanent destruction, and this policy must be made publicly available. Biometric information covered by BIPA encompasses a wide range of data, including fingerprint scans, voiceprints, hand geometry, and retina or iris scans. An amendment to BIPA in August 2024 limited the amount of damages a plaintiff can claim for violations and clarified that electronic signatures can serve as a valid "written release." BIPA applies to individuals, partnerships, corporations, and other entities, but not to government entities.
What employers need to know is that employees working from home remain fully protected under BIPA. They should also be aware that some remote work platforms may collect biometric data without the employer's knowledge. Some of the remote work tools that may trigger BIPA obligations include:
BIPA requires employers to inform employees of any biometric data collected, how it will be used, and when it will be stored or deleted. Employees must be given notice of the collection and use of their biometric data before it is collected, and employers must take reasonable steps to protect the data. There must be a publicly available data retention and destruction policy that covers employee biometric data. This policy must identify third-party vendors handling biometric data.
There has been an explosion of class action lawsuits based on remote onboarding tools, as well as increased litigation involving AI-driven identity verification. The damage exposure for employers is extremely high, at $1,000 per negligent violation and $5,000 per reckless or intentional violation per scan. Even a small business can face significant litigation risk. Employers must always conduct a BIPA risk audit before rolling out new remote software and surveillance tools.
As monitoring tools become more sophisticated, employers need to be very aware of how biometrics are used for their remote workers. A Schaumburg, IL employment lawyer from The Miller Law Firm, P.C. can ensure your company remains in compliance with today’s remote work realities. Attorney Miller has an MBA in finance, in addition to his law degree. Call 847-995-1205 to schedule your free consultation.