The Illinois Biometric Information Privacy Act (“BIPA”) went into effect in 2008 and has been a steady source of litigation ever since. BIPA regulates how “private entities” collect, use and share biometric data and imposes certain security requirements. The stated intent of BIPA was to address the heightened risk of identity theft associated with the processing of biometric data. The legislature’s findings state that, “unlike other unique identifiers that are used to access finances or other sensitive information,” when biologically unique data is compromised, “the individual has no recourse” because the individual cannot change these identifiers. See our analysis here summarizing the obligations BIPA imposes, the current state of BIPA litigation, and what steps businesses can take to reduce litigation risks.