A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data for longer than it was needed.  The first regulator was the French data protection authority, the CNIL, in 2021, which we wrote about here.  The second regulator was the New York Attorney General in January of 2022, which we described here.  And the third is the U.S. Federal Trade Commission, which issued a proposed consent with the current and former owners of CafePress on March 15.

Illinois’ Biometric Information Privacy Act (“BIPA”) is considered the most comprehensive law governing the processing of biometric data. Passed in 2008, BIPA sets out requirements for private entities, including employers, that collect, use, store, and share biometric information.  It’s also one of the most popular class action suits today – hundreds, if not thousands of cases have been filed in recent years – and there is no sign that the litigation is slowing down.