Labor & Employment Law Update

Most Illinois businesses well are aware of Illinois Biometric Information Privacy Act and the hundreds of lawsuits and multimillion dollar settlements it triggered. But there’s another Illinois privacy law quietly making waves for employers: The Illinois Genetic Information Privacy Act (GIPA).

GIPA has been Illinois law for over two decades, but only recently saw an explosion of lawsuits—and the resulting settlements are proving very costly. Recently, Ford Motor Company agreed to pay $17.5 million to settle a class action lawsuit alleging it requested genetic information from job applicants in violation of GIPA.

With steep penalties and accelerating litigation, it is important—now more than ever—for employers to be in compliance.

How Do Employers Violate GIPA?

Passed in 1998, GIPA protects the genetic information and genetic testing results of individuals. It also prohibits discrimination by employers based on genetic information. Notably, genetic information is broadly defined as the results of genetic testing and the “manifestation or possible manifestation of a disease or disorder in a family member of an individual.” Damages are $2,500 per violation, with the possibility of $15,000 for intentional or reckless violations. These cases are usually brought as class actions, meaning the damages available increases exponentially.

The majority of lawsuits filed under GIPA arise when employers require applicants to complete a pre-employment physical. As part of this physical, the applicant is asked about his or her medical history, and specifically, the medical conditions of family members. This conduct would violate GIPA, as employers are prohibited from “directly or indirectly” requesting “genetic information” as part of pre-employment physicals.

Although this prohibition is driving the majority of GIPA lawsuits, it is far from the only restriction.  For example, GIPA regulates the collection and use of genetic information in connection with voluntary wellness programs, FMLA certification, and genetic monitoring for workplace hazards. The law also prohibits employers from taking adverse employment actions based on an employee’s genetic information.

Steps to Ensure Your Company Is Compliant

The breadth of GIPA, along with the steep statutory penalties, means employers with ties to Illinois must be vigilant to comply with all of the law’s provisions. At a minimum, companies ought to:

1. Audit Hiring and Internal Practices. Revisit and revise hiring procedures and internal policies to ensure current and prospective employees are not evaluated on the basis of genetic information in hiring or firing or in the determination of compensation, terms, or conditions of employment.
2. Avoid “Flagging” Individuals. Do not “flag”—formally or informally—current or prospective employees because they do or do not share genetic information.
3. Review Preemployment Practices. Do not request genetic information from prospective employees as part of pre-employment physical examinations or screenings.
4. Implement Compliant Wellness Programs. Have GIPA-compliant policies in place to account for collection and use of “genetic information” if you operate an employee wellness plan.
5. Create Anti-Retaliation Safeguards. Shield employees and prospective employees from retaliation for alleging GIPA violations by implementing strong anti-retaliation policies.