FB pixel

New York proposes a narrow biometrics privacy law

New York proposes a narrow biometrics privacy law
 

The list of states unwilling or unable to wait for the federal government to create nationwide biometric privacy laws continues to grow. New York state legislators have now introduced a fairly limited bill that would regulate some aspects of the way private organizations handle biometric data.

Among other provisions, organizations holding biometric identifiers would not be allowed to profit in any way from the use of the data.

Introduction of Assembly Bill 27 is expected January 6 and it will be sent to the body’s consumer affairs and protection committee. Its fate is not known beyond that.

The act would compel all non-governmental organizations holding biometric identifiers or information to formalize how they handle the materials.

It would mandate that written policies be created for how long information can be retained and how it will be permanently destroyed.

Entities storing the biometrics also would have to dispose of the data after the original reason for collecting or otherwise obtaining the biometrics has been “satisfied” or three years after the person last interacted with the organization, whichever comes first.

For this bill, biometric identifiers would be restricted to recorded data about a person’s retinas, irises, fingerprints, voice and face and hand geometries. It would not matter how the data is captured, stored, converted or shared.

Identifiers would be entirely off limits for private use unless the person is alerted in writing about how and for how long the data will be used, and the person agrees in writing to its use. There would be similar restrictions on disclosing or redisclosing a person’s biometric identifiers.

Executives would also have to afford a person’s data the same level of privacy protection, or more, that they apply to their own organization’s proprietary information.

The bill also includes a right of private action, so people feeling their privacy has been violated could take the matter to the state’s supreme court, seeking damages of up to $5,000 per violation.

The damages clause closely follows similar remedies in the landmark Biometric Information Privacy Act (BIPA) passed in Illinois in 2008. It is proving difficult for state legislatures to enact laws allowing people to sue for damages, however.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Seventh Sense introduces privacy-preserving digital ID utilizing biometrics and PKI

Singapore-based startup Seventh Sense has introduced digital identity software that it says preserves privacy while providing biometric verification. The new…

 

Identity Day 2024: Marking progress and urgency

International Identity Day 2024 is being officially observed in dozens of countries around the world, and recognized by individuals and…

 

TSA wants to delay full enforcement of REAL ID another two years

The US Transportation Security Administration (TSA) has proposed to delay full enforcement of REAL ID for Americans until 2027, but…

 

DEA to make award for biometric-enabled polygraph

The U.S. Drug Enforcement Administration (DEA) announced it intends to negotiate and issue a sole-source firm fixed price award to…

 

Low birth registration, high cost hinder access to legal ID in Sub Saharan Africa

While the need for legal and digital ID remains ever pressing as a result of the digital transformation wind blowing…

 

Biometric authentication invaluable, set to further enhance security in Africa

A webinar held during the Digital ID Hackathon for Africa organized by Upanzi Network and Microsave Consulting in partnership with…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events