South Carolina Biometric Data Privacy Act could increase compliance obligations
Biometric data privacy legislation has been introduced in South Carolina which could introduce a new set of compliance obligations for companies selling and using biometrics in the state, according to an opinion piece written by David Oberly of Blank Rome for Law360.
The Biometric Data Privacy Act (BDPA), currently before the House Committee on Labor, Commerce and Industry, takes a different approach from bills proposed in New York and Maryland, as well as Illinois’ BIPA. Clauses relating to notice, written consent, and reasonable data security measures are recognizable, and the proposal includes a private right of action, with statutory damages of up to $10,000 for intentional or wilful violations.
Where BDPA differs, however, is in similarities to the California Consumer Privacy Act and Virginia Consumer Data Protection Act, Oberly writes. Consumers would be granted rights to access or delete their biometric data, and opt out of its use, as well as protections against discrimination. Companies would also be obliged to provide an option for consumers to block the sale of their biometric data, along with information about their rights, and mandatory employee training for employees handling consumer inquiries and compliance is stipulated. There are also a set of obligations around timely reporting of data breaches, which come with their own fines for violations.
Businesses can also pay consumers to use or sell their biometric data under BDPA, if they meet a prescribed set of obligations.
The Act continues a trend among U.S. states of using a private right of action as the primary enforcement mechanism for biometric data privacy laws, according to Oberly, and could set up a wave of litigation as BIPA has.
If the Act is passed and seen as successful, it could also influence the course taken by other states, further increasing the compliance burden for biometrics providers and their customers.
Oberly recommends businesses begin proactively working to establish flexible and adaptive compliance programs to ensure they can accommodate their changing obligations related to biometrics use.