Litigation is advancing in Illinois against major companies that have allegedly asked job seekers to illegally disclose family history of high blood pressure, cancer, and other diseases, raising the threat of hefty damages without clear legal guidance.
Proposed class actions under Illinois’ Genetic Information Privacy Act of 1998, one of few such state laws, have surged since 2023. At least 30 have been filed or moved to federal court in that time, according to a Bloomberg Law analysis of federal dockets.
Many accuse companies of unlawfully requesting medical records or family medical history during pre-employment physicals or fitness-for-duty exams. Some workers have secured recent court wins allowing their lawsuits to move forward, including against companies like
The suits pose a challenge for companies, which often require medical exams to ensure prospective workers can safely handle job requirements. For instance, package delivery drivers must be able to lift heavy boxes, and drivers may need eye exams.
But the ability to continue asking certain family medical history questions as part of these inquiries could be under threat if courts ultimately decide these company queries comprise “genetic information.”
Legal Gray Area
Many of these lawsuits are still in their early stages, leaving employers and employees on edge.
Two of the first rulings to interpret GIPA’s scope were issued in July when the US District Court for the Northern District of Illinois declined United Airlines and Union Pacific’s separate bids to dismiss proposed class actions from job seekers claiming they were unlawfully required to disclose family medical history of certain conditions when applying.
The plaintiffs had applied to be baggage handlers and an operations worker with United, and a train maintenance technician and a customer service representative with Union Pacific.
No Illinois appellate court has yet addressed what it means to be a person “aggrieved” by an alleged GIPA violation, so federal judges have looked toward case law under the Illinois Biometric Information Privacy Act.. BIPA gives individuals the statutory right to control biometric information like their fingerprints and facial scans, and restricts how companies can gather and use that data.
GIPA provides this same privacy right when genetic information is requested either as a condition of employment or at the pre-employment stage, the courts said.
Genetic Information
What encompasses genetic information, which the courts are also parsing out, is a “tricky” area for employers to navigate, said Richard J. Mrizek, of counsel at Jackson Lewis PC.
Such information extends to a range of data beyond just direct genetic test results, which can be acquired, even inadvertently, through various means, he said. Doctors are used to asking about family medical history in the interest of helping patients understand their own health risks, but those types of questions from employers can leave them vulnerable to accidentally inquiring about what might be deemed genetic information.
The companies sued under GIPA have countered that general family medical history doesn’t meet the definition of genetic information and that the disclosures fall into the law’s safe harbor for accidental collection.
The companies also argue that no injury was committed because they ultimately hired at least some applicants named in the suits.
The federal Genetic Information Nondiscrimination Act of 2008, which prohibits companies from collecting or obtaining genetic data and medical history of workers and their family members, has been instructive for courts as GIPA and GINA contain identical terms. Rulings found that any conduct related to genetic information, including collecting information about “cardiac health, cancer, and diabetes” within the family, applies to GIPA.
Many workers have thus far notched favorable rulings under GIPA. Employers will likely settle cases quickly because of the possibility of facing astronomical statutory damages due to the statute’s broad coverage, said John Ochoa, a partner at Amundsen Davis LLC specializing in data privacy.
Under GIPA, employees can sue for $15,000 in damages per intentional or reckless violation and $2,500 per negligent violation, with no statutory damages cap.
GIPA cases haven’t reached trial yet, but the plaintiff’s bar has reaped significant wins in BIPA suits in recent years, including BNSF Railway Co.'s $75 million settlement in February after a jury found it violated the privacy rights of thousands of employees.
Preventive Measures
As they collect more worker data, employers are broadly grappling with managing compliance with genetic privacy laws and ensuring information isn’t misused.
Conditional job offers are “pretty common,” said Elizabeth Pendo, senior associate dean for academic affairs at the University of Washington School of Law. “After an applicant is given a conditional job offer, then an employer can ask about disability or conduct medical examinations, as long as it’s doing that for everyone in that same job category,” she said.
In narrow circumstances where such requests are needed, employers must provide explicit disclosures to the worker regarding the data they are gathering and how it will be used, in order to avoid GIPA or GINA violations, employment and benefits attorneys said.
Employers can include “warning language that can be used to support inadvertent disclosures and further defense,” said Peter Berk, a senior attorney at Clark Hill PLC. “Given how broadly the courts have interpreted genetic information, there are a lot of things that can fall into that.”
In the health-care context, GINA offers protections for unintentional collection of genetic information much like the Illinois law, especially since doctors conducting employment exams for employers can often inquire about family medical history for preventive care purposes.
This safe harbor could arguably cover future requests for medical records as long as employers previously informed workers of their privacy rights, said Rachele Hendricks-Sturrup, a researcher at the Duke-Margolis Institute for Health Policy. However, many try to avoid the problem by using specific, narrow medical forms and training doctors doing employment exams to avoid questions that might violate the law.
“Firewalls would need to be in place,” she said.
To contact the reporters on this story:
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.