FB pixel

Law firms weigh in on privacy rules for biometrics for online work and school, temperature screening

Law firms weigh in on privacy rules for biometrics for online work and school, temperature screening
 

While school and business interactions have flooded the internet as societies adjust to the COVID-19 pandemic, regulations protecting biometric data privacy have not been relaxed, which means some of these online interactions may be risking fines or other regulatory action, JD Supra reports.

In an article by Carlos Arévalo and Molly Arranz of SmithAmundsen LLC, accusations that Google has violated the Illinois Biometric Information Privacy Act (BIPA) and the Children’s Online Privacy Protection Act (COPPA) are held up as examples of the risk to companies as new activities are moved online. COPPA applies to all children across the U.S. under the age of 13.

Businesses using online conferencing or other communication platforms are advised to take several steps before allowing recordings or any interaction that could involve facial or voice data. Determining what biometric information is being collected, including identifiers that are collected simply through voice or video recordings, is the first step. Disclosures currently in place should be evaluated, and express written consent obtained from all customers, employees, and participants for any biometric information that is being collected and stored. A written policy which establishes data retention schedules and deletion procedures should not only be developed, but publicly available, and federal regulations, including COPPA, must not be forgotten in the attempt to deal with state laws.

The state law on biometric privacy that has generated the most litigation, BIPA, could have national implications, attorneys Kenneth D. Walsh and Mary Smigielski of Lewis Brisbois Bisgaard & Smith LLP write for Bloomberg Law.

Google has been sued in the Northern District of California for alleged violations of both BIPA and COPPA, which demonstrates the extraterritorial reach of BIPA, according to the report.

Before taking any action to leverage biometric technology to boost physical or logical access controls, such as with facial recognition-based time and attendance or mask detection systems or fingerprint readers for employees working from home, businesses should ensure they are compliant with BIPA and any other potentially relevant regulations.

“Awareness of the requirements of BIPA is critical for any company with operations in or with a connection to Illinois,” the attorneys write, particularly as remote working and learning continue.
The implications of contactless temperature scans under U.S. privacy laws is likewise considered by three attorneys from Husch Blackwell LLP.

With plans for returning to work including temperature screening at many businesses, as recommended by the CDC, there is a risk of unintentional privacy law violations or liability exposure. New Jersey’s Governor has also suggested temperature checks of customers entering restaurants may be required.

The attorneys consider the options of simple infrared scanners that screen temperature from a few inches away, facial recognition devices with thermal scanning, which can typically scan people further away, and wearables. State biometric privacy laws could apply to either of the latter two system types, including BIPA but statutes without private rights of action in Texas and Washington.

Information collected by the systems could also be subject to state breach notification and information security laws. Whether temperature information is defined as “medical information” under the California Consumer Privacy Act (CCPA) is unclear, but “biometric information” is clearly defined, though CCPA does not contain the same consent requirements as BIPA. Additional burdens could potentially be generated by CCPA, however, such as procedures for disclosure and deletion of people’s information on request.

The Equal Opportunity Employment Commission (EEOC) has advised businesses that employee temperature information is confidential, and the Americans with Disabilities Act requires medical information to be stored separately from the personnel files of employees.

The attorneys conclude by recommending best practices, including understanding the device used, vetting the company providing it, understanding the data security protections provided, and preparing notices for employees and customers of any system being used.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Singapore banks to roll out Singpass face verification

The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have announced that major retail banks…

 

Chinese hacking compromised hundreds of thousands of devices containing personal PII

The US Department of Justice (DOJ) announced Wednesday that the Federal Bureau of Investigation (FBI) sought and obtained a court-authorized…

 

US needs facial recognition legislation, NIST guidance to protect civil rights: report

Facial recognition’s benefits for law enforcement and civil applications run by America’s federal government could be outweighed by its negative…

 

Nigerian leader pledges support for digital ID expansion amid DPI investment plans

Speaking through a representative at an event to mark 2024 Identity Day this week, Nigerian President Bola Tinubu highlighted the…

 

Nigerian digital ID startup Regfyl raises $1.1M to address Africa’s AML compliance challenges

Regfyl, a Nigerian digital identity verification and fraud detection startup, has secured $1.1 million in a pre-seed funding round. This…

 

Google launches synched passkeys as tech giants move away from passwords

Digital technology giants are directing their efforts toward implementing passwordless authentication, with a particular focus on using passkeys, to avoid…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events