Site Search
Professionals 11 results
Capabilities 8 results
Practice Area
Winston takes a strategic approach to privacy and data security, integrating our extensive capabilities across practices to provide our clients with cutting-edge privacy and data security counseling, crisis management, security incident investigation and notification management, defense of data security class action litigation and regulatory inquiries, and international data protection. Our Global Privacy & Data Security Practice features a core team of privacy professionals and is bolstered by more than 40 attorneys from a variety of other disciplines firmwide. Our team combines compliance counselors, transactional lawyers, former government regulators and federal prosecutors, seasoned investigators, and experienced litigators. Few firms can rival our in-depth, sophisticated, and integrated experience in this area.
Practice Area
Privacy: Regulated Personal Information (RPI)
Winston’s Regulated Personal Information (RPI) Practice offers seamlessly integrated counseling and litigation services to companies looking for practical and solution-oriented assistance navigating the compliance, regulatory, and private class action enforcement risks presented by the emerging patchwork of complex (and often conflicting) privacy laws in the United States and beyond.
Practice Area
Class Actions & Group Litigation
Winston has developed a consistent record of success handling class action cases in state and federal courts. The practice is anchored by seasoned class action lawyers, many of whom have been recognized by Chambers USA and other ranking organizations as being top practitioners in their field. Our clients rely on us to steer them through class action matters by drawing on the firm’s significant experience in resolving complex litigation using creative and aggressive arguments, across a broad range of class, collective, coordinated, and mass actions, as well multidistrict litigation. We also have succeeded at trial in several class actions—a rare occurrence.
Experience 1 result
Experience
|October 1, 2023
Class Action Plaintiff Sent Packing After Winston Secures Enforcement of Binance’s Terms of Use
Insights & News 47 results
In the Media
|March 12, 2025
|2 Min Read
Sean Wieber Discusses Growth of Privacy Class Actions Involving Biometrics and Genetics with Law.com
Winston & Strawn Global Privacy & Data Security Practice Co-Chair Sean Wieber was quoted in a Law.com article discussing the growth of privacy class action lawsuits against employers involving biometrics and genetics. In recent years, privacy disputes have emerged under Illinois’ Biometric Information Privacy Act (BIPA) as employees challenged how employers stored data, such as fingerprints used to clock in and out of work. Favorable rulings for plaintiffs in these cases exposed corporations to a potential risk for high costs for each violation, but legislative changes put a limit on the payout potential. Now, lawsuits are emerging under the Illinois Genetic Information Privacy Act (GIPA), which has statutory damages three times higher than BIPA, against employers who allegedly required employees or job seekers to provide “genetic information,” or family medical background, as a condition of employment.
In the Media
|March 20, 2024
|1 Min Read
Winston & Strawn partner and co-chair of the Global Privacy & Data Security Practice, Sean Wieber was quoted in a Bloomberg Law article discussing the possibility of more companies taking their privacy cases to trial in Illinois following a landmark federal settlement resolving an Illinois Biometric Information Privacy Act case in which a class of over 44,000 members claimed BNSF Railway Co. violated BIPA by illegally collecting biometric data. After the jury found BNSF liable, the judge himself imposed a $228 million penalty, but later withdrew that award because the jurors should have been told that damages are not mandatory in BIPA cases, and they should have had the chance to determine penalties themselves. The parties agreed to settle for $75 million before the damages portion of the trial commenced. The settlement and a related Illinois Supreme Court ruling, in which the high court said lawmakers had intended to make BIPA damages “discretionary,” is expected to encourage defendants to consider an even more aggressive stance when litigating these types of claims.
Class Action Insider
|February 24, 2023
|4 Min Read
Last week, in Cothron v. White Castle System, Inc., the Illinois Supreme Court confirmed that each violation of BIPA constitutes a distinct and separately actionable violation of the statute.
Other Results 8 results
Site Content
The Illinois Biometric Invasion of Privacy Act (BIPA), enacted in 2008, grants Illinois consumers the right to their own biometric data, such as fingerprints, retina or iris information, voiceprints, and DNA. Under the BIPA, private companies are prohibited from collecting biometric information unless (1) the person consents in writing and (2) the companies inform the person in writing of what data is being collected, for what purpose, and for how long. Besides the notice and consent requirement, the law also bans any company from selling or otherwise profiting from consumers’ biometrics.
Site Content
The Illinois Genetic Information Privacy Act (GIPA), enacted in 1998, prohibits employers and their agents from conditioning employment on genetic data, or from using genetic data in discriminatory ways. The statute also prohibits insurers from seeking genetic information to use in connection with accident or health insurance policies.