Biometric data protection bill introduced in Massachusetts

In late January four Massachusetts state senators introduced a bill that would require companies to refrain from collecting personal and biometric data without consent.

Under the proposal, consumers could request a copy of their personal data that has been collected, restrict disclosure of the data to third parties, or request it be deleted. And Massachusetts citizens would have the right to pursue legal action should their personal information or biometric data be illicitly collected or stored. The proposal contemplates granting consumers a private right of action to obtain the greater of actual damages or $750 per incident, injunctive or declaratory relief, and reasonable attorneys’ fees.

The bill is similar to the Illinois Biometric Information Privacy Act, in that consumers not need to prove they suffered actual losses to seek damages. BIPA requires organizations to acquire consent prior to collecting a person’s biometric data for commercial purposes. It also mandates companies to take reasonable care in safeguarding such data, limits retention of such data to the purpose for which it was collected, and restricts the sale and disclosure of biometric data.

Arizona is also considering new regulatory rules that would make it illegal for businesses to use biometric data for commercial purposes without consent and legislators in New York City are expected to consider a bill this year which would amend municipal laws to include similar rules for biometric data collection.

Article Topics

biometrics  |  data protection  |  legislation  |  Massachusetts  |  privacy