Lawyers urge New York businesses to employ best practices for biometric data as law evolves
As New York State’s proposed “Stop Hacks and Improve Electronic Data Security” (SHIELD) Act is considered by state legislators, businesses in New York should at minimum treat biometric data as private information under the state’s data breach notification statute, according to an article in the New York Law Journal.
Co-chairs of law firm Gibbons’ Data Privacy & Security Task Force John T. Wolak and Mitchell Boyarsky and task force associate Randy A. Gray review the development of state laws in Illinois, Texas, and Washington in the article. They point out that the laws of other jurisdictions can be applied to companies in New York if they have business in those jurisdictions, as is the case in Facebook’s ongoing suit under Illinois’ BIPA, so companies collecting biometric data need to be aware of the laws in all jurisdictions they operate in. There are currently more than 30 cases pending under BIPA. The authors also point out the implications of collecting biometric data from EU citizens under GDPR.
A staff report published by the Federal Trade Commission in 2012, “Facing Facts, Best Practices for Common Uses of Facial Recognition Technologies,” advises companies using facial recognition to employ privacy by design, simplify consumer choice, and be transparent, according to the article.
A recent article in Lexology called on state lawmakers to improve their understanding of biometric technology to develop privacy legislation.