FB pixel

Biometrics regulations are coming, firm warns as BIPA lawsuits pile up

Biometrics regulations are coming, firm warns as BIPA lawsuits pile up
 

Companies using biometrics should create policies and procedures for security, notice and consent, even if the law does not currently require them to do so, in anticipation of changes, law firm Thompson Hine advises.

The firm warns that “the regulations are coming!” and provides a review of the legal landscape in the U.S. at the state level.

In addition to established laws in Illinois, Texas, and Washington, Thompson Hine notes new legislation protecting biometric data has been enacted in Arkansas, California, and New York, with Washington adding data breach rules to its biometric regulation.

Laws have also been proposed in recent years, but not yet enacted, in Delaware, Alaska, Florida, Arizona, Hawaii, Oregon, Massachusetts, New Hampshire, New Jersey, and Rhode Island, which the firm says “demonstrates the trend among states to provide protections and regulate the collection of biometric data.”

Insurer Chubb has also identified state biometrics laws as a trending cyber risk in a new report, according to Insurance Journal. Illinois is the most prominent example, due to the right of private action the state’s BIPA provides, but other state regulators, as well as the federal government and international regulators are considering new restrictions.

Illinois, meanwhile, has passed a new Artificial Intelligence Video Interview Act, which regulates the use of AI facial analysis and similar technologies for evaluating candidates, a blog by law firm Davis Wright Tremaine LLP notes, saying it is the first state to do so. Eye On Privacy reports that the state has also amended its data breach notice law to require the Illinois Attorney General be informed of any data breach involving more than 500 state residents.

BIPA surge continues

Agricultural products company Agreliant Genetics is being sued under BIPA for allegedly failing to set out a retention schedule or receive written consent from workers for using fingerprint biometrics for employee time and attendance tracking, The Madison-St. Clair Record reports. The company did provide written notice to employees. The Record also reports Bria Health Services and Belleville Healthcare & Rehabilitation Center is being sued for allegedly using a fingerprint and hand geometry system without providing written information or collecting employee consent.

The Cook Country Record reports that R. A. Kerley Ink Engineers Inc. are facing a suit for allegedly missing the informed consent boat, as is Burger King, though the plaintiff in that case resides out of state. Gurtler Chemicals is likewise accused of failing to provide notice or collect consent, as is D&D Manufacturing Inc.. NEP Electronics Inc. is accused of not informing employees of its data retention plans for its time and attendance system, and CH Ventures LLC allegedly violated BIPA’s data storage information and consent requirements.

All of the above suits are proposed class actions, relating to employee time and attendance, with the alleged violations in each case relating to informed consent practices, rather than illegal breach or disclosure to a third party, or what defense attorneys and the U.S. Chamber of Commerce have previously characterized as “real-world harm.”

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Alan Goode offers insights on booming transitional IDV market on BU Podcast

Technology is transforming identity verification. According to Alan Goode of Goode Intelligence, by 2030, digital identity verification will pass traditional…

 

Share less data in more places: inching towards decentralized digital ID for travel

The travel industry is slowly shifting to a more decentralized model of digital identity. This was one of the key…

 

Clearview takes fresh legal hits over Canada class action, UK fine

Few biometrics companies have taken a bigger regulatory and legal beating than Clearview AI. It has already been a rough…

 

Mexico makes biometric identifier mandatory for all citizens

Mexico has officially introduced a digital identification system by signing a law that turned the previously optional biometric-based citizen code…

 

MOSIP highlights the UN DPI Safeguards Initiative

The United Nations’ DPI Safeguards Initiative has released 259 recommendations designed to guide regulators, advocates, donors, technology providers and governments…

 

Brazil adopts DaaS for verifiable credentials

Brazil is the latest country to adopt DPI as a Packaged Solution (DaaS) — a practical framework designed to accelerate…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events