WeVote

Bill

Bill

HB 2838

To mandate county boards of education to provide feminine hygiene products in all public elementary, middle, and high schools for female students

2025 Regular Session Introduced by Larry Kump and 1 co-sponsor

HB 2838 narrows BIPA by excluding math-representations and certain devices, adds cure and 1-year limits, and requires notice before suit.

To House Education
0
WeVote Research Nonpartisan
Bill Summary · HB 2838

Note on source document
The provided file appears to combine text from two different bills numbered HB 2838 (one from Arizona addressing landlord‑tenant law and one from Illinois amending the Biometric Information Privacy Act). This summary focuses on the Illinois HB 2838 titled “BIPA — Security Purposes,” which amends the Illinois Biometric Information Privacy Act (740 ILCS 14) and matches the bill metadata and actions provided.

Purpose / Intent

HB 2838 amends the Biometric Information Privacy Act (BIPA) to (1) refine and narrow the definitions of covered biometric data and entities, (2) create exemptions for certain security uses and devices that convert raw biometric inputs into mathematical representations, and (3) change enforcement and procedural rules for private actions alleging BIPA violations (including a cure period and a one‑year limitations period).

Key provisions

  • Definitions

    • Revises “biometric identifier” to expressly include retina/iris scans, fingerprints, voiceprints, and hand/face geometry, and to exclude items such as photographs, signatures, and certain medical imaging and genetic materials.
    • Excludes from the “biometric identifier” definition any information that has been captured and then converted to a mathematical representation (e.g., numeric string) that cannot be used to recreate the original biometric identifier.
    • Adds definitions for “biometric lock” and “biometric time clock”—devices that convert a person’s biometric identifier into a mathematical representation for access or timekeeping—and for “person” (natural person) and “private entity” (broadly defined, excluding state/local agencies and courts).
    • Defines “security purpose” to include preventing/investigating theft or fraud, controlling access to property, protecting people from harm, and assisting law‑enforcement investigations.
  • Collection/Retention/Consent

    • Continues to require private entities in possession of biometric identifiers/information to have written retention and destruction policies and make them available to subjects.
    • Creates an express exception: information captured by a biometric time clock or biometric lock that is converted to a mathematical representation is not covered by the Act.
  • Enforcement, notice, cure, and limitations

    • Establishes that an aggrieved person has a right of action in state or federal court, but only within one year from occurrence (one‑year statute of limitations).
    • Requires an aggrieved person to provide the private entity with a written notice specifying the alleged BIPA violations and to give the private entity 30 days to cure the noticed violation before proceeding with a suit (a mandatory notice-and-cure procedure).
    • Exempts private entities from these requirements (or from enforcement) if their employees are covered by a collective bargaining agreement that provides different policies addressing retention, collection, disclosure, or destruction of biometric information.
  • Effective date

    • The bill states it is effective immediately.

Who is affected

  • Private entities (businesses, employers, retailers, vendors) that collect or use biometric identifiers/information, especially those using biometric time clocks and biometric locks.
  • Employees, customers, and other individuals whose biometric data is collected or used by private entities in Illinois.
  • Plaintiffs and defense counsel in BIPA litigation: the bill shortens the timeframe to bring claims, adds a pre‑suit cure period, and narrows the universe of covered data/devices.

Potential impacts / implications

  • Narrows BIPA’s scope by excluding biometric data that has been converted to non‑reversible mathematical templates and by creating explicit device‑based exemptions (time clocks and locks that use templates). This could reduce the number of claims based on common timekeeping and access control systems.
  • Introduces a mandatory pre‑suit cure period and a one‑year limitations period, which likely reduces litigation exposure and speeds dispute resolution compared with the current statutory scheme.
  • The collective bargaining exemption may shift how employers covered by unions handle biometric policies.
  • Entities that currently rely on BIPA consent/notice procedures should review and may revise policies, retention schedules, and consent practices to reflect the new definitions and cure/notice requirements.

Procedural status (selected)

  • Introduced in the Illinois House on 02/06/2025 by Rep. Dan Ugaste.
  • Referred to committees (Data Privacy/Emerging Issues subcommittee etc.); companion bill: SB 1405.
  • Bill text indicates immediate effectiveness if enacted.

If you want, I can:
- Produce a side‑by‑side comparison with current BIPA provisions highlighting exact textual changes;
- Summarize the Arizona landlord‑tenant text that also appears in the file.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.