These include a requirement that companies: A key area of focus is that an entity must use a "reasonable standard of care"[7] in managing biometric information and identifiers.

[8] Senate Bill 2400, which eventually became the Biometric Information Privacy Act, was introduced by State Senator Terry Link on February 14, 2008; it passed both Houses of the Illinois General Assembly on July 10, 2008, and was approved by then-Governor Rod Blagojevich on October 3, 2008.

[9] The purpose of the Act was to establish standards of conduct for private entities that collect or possess biometric information.

According to the Cook County Record, "In Illinois, both the parent company of Mariano's supermarkets and the Intercontinental Hotel Group have been hit with class action lawsuits alleging they improperly collected and stored employee fingerprints and other biometric data.

[21] Rosenbach v. Six Flags Entm't Corp., 2019 IL 123186 Additionally, an employee of the NorthShore University HealthSystem has sued the company for allegedly collecting worker fingerprints without their consent, in violation of the Illinois Biometric Information Privacy Act.

[27] In February 2021, Judge James Donato approved a $650 million settlement in the federal In re Facebook Biometric Info.

case, praising the settlement as "a major win for consumers in the hotly contested area of digital privacy.

[32][33][34] It received significant opposition from many groups that advocate for digital privacy rights, including the Electronic Frontier Foundation.