Question 28
UnclassifiedWhat is a major compliance risk associated with BIPA compared with many state comprehensive privacy statutes?
Correct answer: B
Explanation
BIPA is especially risky because it allows private lawsuits and statutory damages, unlike many state comprehensive privacy statutes that rely more on attorney general enforcement. That creates direct exposure for businesses to class actions and per-violation damages, making "private litigation and statutory-damages exposure" a major compliance concern.
Why each option is right or wrong
A. It has no enforcement mechanism at all
B. It is known for private litigation and statutory-damages exposure
Illinois’ Biometric Information Privacy Act (740 ILCS 14/15, 20) expressly authorizes a private right of action, so affected individuals may sue directly rather than relying only on regulator enforcement. Section 20 provides liquidated damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation, plus attorneys’ fees and injunctive relief, which is why the principal compliance risk is litigation-driven monetary exposure.
C. It applies only to anonymized data
D. It exempts biometrics collected in workplaces