FB pixel

Attorneys provide eight tips to ensure compliance with Texas’ biometric privacy law

 

Biometric hardware revenues forecast to hit $19B by 2024 on access control and camera growth

Texas’ Capture or Use of Biometric Identifier Act (CUBI) is a lesser-known cousin of Illinois’ Biometric Information Privacy Act, but companies doing business in the state should be aware of it to mitigate their risk of liability, write three members of Blank Rome LLP’s Biometric Privacy Team.

In a post for Law.com, Jeffrey N. Rosenthal, David Oberly and Zachary J. Wyatte compare CUBI to BIPA, noting that the Texas statute applies to commercial uses of biometrics.

“Commercial purpose,” however, is not defined in the legislation. The attorneys recommend that businesses treat all company operations as potentially included in CUBI requirements.

Those requirements include notice and consent stipulations, data retention and destruction rules, prohibitions on selling, leasing, or disclosing biometric data (with several exceptions), and minimum standards for data security.

Penalties of up to $25,000 can be levied under the act for each violation, though a significant difference from BIPA is that the Texas Attorney General holds exclusive enforcement power. Currently, Facebook is under investigation by the Texas Attorney General for possible CUBI violations. The lack of a maximum cap means that a company with 100 employees found to be noncompliant could face $2.5 million in potential exposure if biometrics collection and use from each is considered a separate violation.

The Blank Rome attorneys provide recommendations for eight specific actions that they suggest could both help defend against CUBI liability and also provide flexibility to comply with future laws related to biometrics, from data mapping to consulting with counsel that has experience with biometric privacy.

With negative press upping the pressure on regulators to strictly enforce existing biometrics laws, companies operating in Texas would do well to take proactive measures to make sure they are compliant with CUBI. Further, according to the article, companies everywhere should take steps to make sure that they can comply with biometric privacy laws as they evolve.

Oberly recently penned advice on BIPA to companies operating in Illinois for Biometric Update.

Article Topics

 |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

G7 digital identity lingo aligned, technical standards not so much

An attempt to match the digital identity systems of some of the world’s richest countries against each other shows a…

 

Report: Synthetic identity fraud is growing

A new U.S. Government Accountability Office (GAO) report on its recent audit of the US Social Security Administration’s (SSA) Electronic…

 

Biometric sensors for road safety launched by Infineon, Rheinmetall Dermalog

Infineon Technologies and Rheinmetall Dermalog Sensortec have each introduced biometric identification and authentication tools, one based on fingerprints and other…

 

New tools, Authenticate presentations coax hesitant businesses to adopt passkeys

The FIDO Alliance has launched a pair of tools at its Authenticate 2024 event online and in Carlsbad, California, Passkey…

 

How to get passkeys working for a billion Microsoft users and beyond

The FIDO Alliance has kicked off the Authenticate 2024 conference with a campaign urging people to “free yourself with passkeys,”…

 

French regulator releases technical reference on age verification for porn

France’s Regulatory Authority for Audiovisual and Digital Communication, Arcom, has published its Technical Reference on Age Verification for the Protection…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events