Workplace privacy law · IL
Illinois workplace electronic monitoring law and what it means for organizational health intelligence.
The governing statute is 720 ILCS 5/14-2 (Illinois Eavesdropping Statute). Two-party consent for recording private electronic communications.
Illinois BIPA is the most aggressively litigated employee privacy statute in the United States. Any workplace analytics that touches biometric features (voiceprints, video face geometry) must run a written-consent flow before collection. Text-only communication analytics is outside BIPA scope.
Consent posture
Two-party consent
Primary citation
720 ILCS 5/14-2 (Illinois Eavesdropping Statute)
Enforcement
Illinois Attorney General; BIPA carries a strong private right of action with statutory damages.
Notification requirements in Illinois
- Separate consent regime for biometric data
- Personal social media accounts protected from compelled disclosure
Other relevant Illinois statutes
Biometric Information Privacy Act (740 ILCS 14)
BIPA requires written, informed consent before collecting biometric identifiers (fingerprints, face geometry, voiceprints). $1,000-$5,000 statutory damages per violation. Class actions are routine.
820 ILCS 55/10
Right to Privacy in the Workplace Act limits employer access to personal social media accounts.
Illinois Personal Information Protection Act (815 ILCS 530)
Notice-of-breach obligations for personal information including biometric data.
Employer obligations
- BIPA: written informed consent before any biometric data collection. Includes voiceprint or any biometric extracted from communications.
- Two-party consent for recording.
- No demand for personal social media credentials.
- Specific retention schedule and destruction protocol for biometric data.
How ClarityLift’s privacy posture maps to Illinois law
ClarityLift surfaces team-level patterns from the conversations a customer already has in Slack or Teams. The architecture is privacy-first by design. No DMs. Ever. Aggregate signals only. Minimum group threshold of 10. No individual scores. Customers retain full control of which channels are connected.
For employers operating in Illinois, the relevant requirements typically resolve at the policy and channel-selection layer, not the technical layer. ClarityLift does not record voice or video, so two-party consent statutes for audio/video recording are structurally inapplicable.
Compliance with 720 ILCS 5/14-2 (Illinois Eavesdropping Statute) is achieved by the customer through written notice to employees (where required), an acceptable-use policy, and clear channel-connection scope. ClarityLift’s consent architecture supports this directly: every connected workspace surfaces the channel list, retention posture, and group-floor minimum to admins.
This is not legal advice. Employers should review their specific monitoring practices with counsel before deploying any workplace analytics tool.
Frequently asked
Does ClarityLift read individual employee messages?
No. ClarityLift processes communication signals at the aggregate team level. No individual scores are produced. The minimum group threshold of 10 is structurally prevented in code — teams below that floor never surface signals.
What does Illinois consider a "private" communication for monitoring purposes?
Under 720 ILCS 5/14-2 (Illinois Eavesdropping Statute), the operative question is whether the communication was made with a reasonable expectation of privacy. Workplace channels under an acceptable-use policy that defines them as business communications generally fall within the business-purpose exception. DMs and personal channels are different — and ClarityLift excludes them by design.
Are DMs ever processed by ClarityLift?
No. DMs are rejected at the ingest gate before any classification, signal generation, or storage. This is structurally prevented, not a policy choice.
Does the biometric statute apply to ClarityLift?
Illinois biometric privacy law applies to the capture of biometric identifiers — fingerprints, voiceprints, face geometry, and similar. ClarityLift does not capture biometric identifiers. Communication signals are derived from text only.
See ClarityLift’s privacy architecture before you deploy in Illinois.
Aggregate signals only. No DMs. Minimum group threshold of 10. The compliance posture is built into the architecture, not bolted on after.