FB pixel

New York proposes a narrow biometrics privacy law

New York proposes a narrow biometrics privacy law
 

The list of states unwilling or unable to wait for the federal government to create nationwide biometric privacy laws continues to grow. New York state legislators have now introduced a fairly limited bill that would regulate some aspects of the way private organizations handle biometric data.

Among other provisions, organizations holding biometric identifiers would not be allowed to profit in any way from the use of the data.

Introduction of Assembly Bill 27 is expected January 6 and it will be sent to the body’s consumer affairs and protection committee. Its fate is not known beyond that.

The act would compel all non-governmental organizations holding biometric identifiers or information to formalize how they handle the materials.

It would mandate that written policies be created for how long information can be retained and how it will be permanently destroyed.

Entities storing the biometrics also would have to dispose of the data after the original reason for collecting or otherwise obtaining the biometrics has been “satisfied” or three years after the person last interacted with the organization, whichever comes first.

For this bill, biometric identifiers would be restricted to recorded data about a person’s retinas, irises, fingerprints, voice and face and hand geometries. It would not matter how the data is captured, stored, converted or shared.

Identifiers would be entirely off limits for private use unless the person is alerted in writing about how and for how long the data will be used, and the person agrees in writing to its use. There would be similar restrictions on disclosing or redisclosing a person’s biometric identifiers.

Executives would also have to afford a person’s data the same level of privacy protection, or more, that they apply to their own organization’s proprietary information.

The bill also includes a right of private action, so people feeling their privacy has been violated could take the matter to the state’s supreme court, seeking damages of up to $5,000 per violation.

The damages clause closely follows similar remedies in the landmark Biometric Information Privacy Act (BIPA) passed in Illinois in 2008. It is proving difficult for state legislatures to enact laws allowing people to sue for damages, however.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Findynet funding development of six digital wallet solutions

Finnish public-private cooperative Findynet has announced it will award 60,000 euros (US$69,200) to six digital wallet vendors to help translate…

 

Patchwork of age check, online safety legislation grows across US

As the U.S. waits for the Supreme Court’s opinion on the Texas case of Paxton v. Free Speech Coalition, which…

 

AVPA laud findings from age assurance tech trial

The Age Verification Providers Association (AVPA), and several of its members, have welcomed the publication of preliminary findings from the…

 

Sri Lanka to launch govt API policies and guidelines

Sri Lanka’s government, in the wake of its digital economy drive, is gearing up to release application programming interface (API)…

 

Netherlands’ asylum seeker ID cards from Idemia use vertical ICAO format

The Netherlands will introduce new identity documents for asylum seekers Idemia Smart Identity, compliant with the ICAO specification for vertical…

 

Zenoo integrates Trinsic, Sumsub for advanced digital ID onboarding options

Onboarding and compliance orchestration engine provider Zenoo has formed a pair of partnerships to give its customers a broader range…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events