In recent years, Illinois has become a focal point for privacy litigation, thanks in large part to the Biometric Information Privacy Act (BIPA), which has been the subject of numerous class action lawsuits. However, another Illinois privacy law, the Genetic Information Privacy Act (GIPA), has begun to attract attention from plaintiffs’ attorneys, raising concerns for employers across the state.

Enacted in 1998, GIPA, in part, regulates the collection and use of genetic information by employers in Illinois. Genetic information, as defined by GIPA, includes details from genetic tests, the presence of diseases or disorders, and genetic services. The law prohibits employers from soliciting, requesting, or requiring genetic information as a condition of employment or during the pre-employment process.

While GIPA has been on the books for over two decades, it has only recently become the target of litigation. In 2023, Plaintiffs’ attorneys filed a significant number of class action lawsuits against employers across various industries, alleging violations of GIPA. These cases often involve employers,  or an entity on their behalf, requesting family medical histories or conducting pre-employment physical examinations that allegedly touch upon genetic information.

One of the reasons for the surge in GIPA litigation is the potential for significant damages. Violations of GIPA can result in statutory penalties ranging from $2,500 to $15,000 per violation, depending on the level of negligence or intent. Moreover, prevailing parties may also be entitled to injunctive relief and attorney fees. While GIPA cases are still in their early stages, parallels can be drawn to the interpretation of BIPA by Illinois courts based on similar statutory language in the provisions describing the private right of action and recoverable damages. It is well-settled that a BIPA plaintiff need not allege any actual injury or harm to be deemed “aggrieved” under the act and recover liquidated or actual damages. It remains to be seen whether GIPA will be similarly interpreted, but it is likely given the similar language and at least one court has already made such a finding. See Bridges v. Blackstone, Inc., 2022 WL 2643968, at *3 (S.D. Ill. July 8, 2022) Employers should remain vigilant and monitor legal developments closely as the interpretation of GIPA continues to evolve.

In light of the potential risks associated with GIPA compliance, Illinois employers must take proactive steps to ensure adherence to the law. Here are some practical measures to consider:

  • Review Policies and Practices: Employers should review their policies and practices regarding the collection and use of genetic information. This includes evaluating pre-employment questionnaires, wellness programs, and any other processes that may involve genetic data.
  • Contractual Obligations: Employers who outsource services such as physical examinations should review their contracts to ensure compliance with GIPA. Additionally, insurance policies should be examined to determine coverage for potential litigation arising from GIPA violations.
  • Stay Informed: Given the evolving legal landscape surrounding GIPA, employers should stay informed about developments in case law and seek legal guidance as needed to ensure ongoing compliance.

As GIPA litigation continues to gain momentum, Illinois employers must prioritize compliance with this complex privacy law. By understanding their obligations under GIPA, implementing appropriate policies and practices, and staying informed about legal developments, employers can mitigate the risk of costly litigation and protect the privacy rights of their employees.