The Matrix

Last week, the Consumer Financial Protection Bureau (“CFPB”) took a significant step forward in enhancing consumer control over private financial data when it launched a rulemaking process under Section 1033 of the Dodd–Frank Wall Street Reform and Consumer Protection Act (“Section 1033”). Section 1033 requires the CFPB to implement a rule to allow consumers to access their financial information. Currently, there is no duty under Section 1033 to maintain or keep any information about a consumer. The CFPB has yet to adopt a rule relating to data access, despite its authority to do so.

This is a follow-up to the June 23, 2021 Litigation Trends Analysis Alert, “How the IWCA Impacts BIPA Claims.” As noted there, the question before the Supreme Court of Illinois in McDonald was whether claims of injury under the Illinois Biometric Information Privacy Act (BIPA) fall under the scope of the Illinois Workers’ Compensation Act (IWCA). The Court ruled last month that the BIPA is not preempted by the IWCA.

The Illinois Biometric Information Privacy Act (BIPA) is a law concerning the protection of biometric data. The BIPA requires companies collecting biometric information to establish a policy and obtain a written release from its employees prior to collecting and using this information. The BIPA is the only statute of its kind with a private right of action. Under the BIPA, individuals may sue for violations and recover monetary damages.