The Illinois Genetic Information Privacy Act (GIPA) was originally enacted in 1998 to prevent genetic information, such as family history, from being used against employees. Similar to the Illinois Biometric Information Privacy Act (BIPA), GIPA prohibits the collection, disclosure, and/or use of an individual’s genetic information.  GIPA also prohibits employers from requesting or using the genetic information in the firing/hiring process or when assigning work.

Recent lawsuit

In March of 2023, Amazon was sued by a group of current and former employees claiming their family medical histories were unlawfully requested in violation of GIPA. The lawsuit alleges that as part of their hiring processes, Amazon collected prospective and current employees’ family medical histories in direct violation of GIPA, which prohibits employers from asking about or using genetic information—including an individual’s family medical history—to make employment decisions. According to the suit, the companies have “improperly” used medical history data to “[evaluate] the risk” that an employee may be predisposed to or have inherited a genetic condition that could become a liability in the future. The plaintiffs seek certification of the class action, damages under the GIPA of $2,500 for every negligent violation and $15,000 for every willful violation, fees, costs and a jury trial.

Potential insurance coverages

Commercial general liability (CGL) and employment practices liability insurance (EPLI) may offer coverage in GIPA cases for violation of one’s right to privacy. Some exclusions that are applied in BIPA litigation are also expected to be applied in GIPA claims:

  • Employment-Related Practices Exclusion (ERP)
  • Violation of Law Exclusion
  • Access or Disclosure Exclusion

If your company is doing business in Illinois, GIPA should definitely be on your radar. Ask yourself the following questions to determine whether additional steps must be taken to ensure compliance with the statute:

  • In the course of your business, do you collect the genetic information, or medical histories or your customers, employees, or their family members?
  • Does your company require “health screenings” as part of your application process, or as part of any employee health or wellness program?
  • If you offer health insurance to individuals, do you collect genetic information, and if so, who do you disclose it to, and how do you use that information?

For more information, contact a Marsh McLennan Agency (MMA) advisor.

Related insights