Attorneys provide eight tips to ensure compliance with Texas’ biometric privacy law
Texas’ Capture or Use of Biometric Identifier Act (CUBI) is a lesser-known cousin of Illinois’ Biometric Information Privacy Act, but companies doing business in the state should be aware of it to mitigate their risk of liability, write three members of Blank Rome LLP’s Biometric Privacy Team.
“Commercial purpose,” however, is not defined in the legislation. The attorneys recommend that businesses treat all company operations as potentially included in CUBI requirements.
Those requirements include notice and consent stipulations, data retention and destruction rules, prohibitions on selling, leasing, or disclosing biometric data (with several exceptions), and minimum standards for data security.
Penalties of up to $25,000 can be levied under the act for each violation, though a significant difference from BIPA is that the Texas Attorney General holds exclusive enforcement power. Currently, Facebook is under investigation by the Texas Attorney General for possible CUBI violations. The lack of a maximum cap means that a company with 100 employees found to be noncompliant could face $2.5 million in potential exposure if biometrics collection and use from each is considered a separate violation.
The Blank Rome attorneys provide recommendations for eight specific actions that they suggest could both help defend against CUBI liability and also provide flexibility to comply with future laws related to biometrics, from data mapping to consulting with counsel that has experience with biometric privacy.
With negative press upping the pressure on regulators to strictly enforce existing biometrics laws, companies operating in Texas would do well to take proactive measures to make sure they are compliant with CUBI. Further, according to the article, companies everywhere should take steps to make sure that they can comply with biometric privacy laws as they evolve.
Oberly recently penned advice on BIPA to companies operating in Illinois for Biometric Update.