FB pixel

Don’t overlook US state law protecting collection of genetic data – legal insiders

| Jim Nash
Categories Biometrics News  |  Commercial Applications
Don’t overlook US state law protecting collection of genetic data – legal insiders
 

A pair of news stories this month, one only tangentially related to personal privacy, again point out the stakes involved in the commercial use of biometric identifiers.

In the U.S. state of Illinois, home of the landmark Biometric Information Privacy Act, plaintiffs who feel their identifiers are being misused have found a second state biometric law. This one addresses the use of genetic information by non-government organizations.

And indirectly, a breach at consumer genetics testing service 23andMe gives some more ammunition to privacy advocates who say DNA biometrics deserve better protection.

An analysis of Illinois’ Genetic Information Privacy Act in the insurance trade publication Claims Journal warns that GIPA could financially devastate some companies if they are not careful. (The states of Montana and California have passed their own GIPAs.)

The article says that, while enacted in 1998, the act has resulted in few lawsuits. Thirty cases were filed this year in Cook County, which includes Chicago.

The law allows for individuals to sue and for them to seek actual or statutory damage. Successful plaintiffs can collect $2,500 for each negligent violation and $15,000 per intentional or reckless violation.

An organization needs to get express written consent before transferring or disclosing genetic data. GIPA also outlaws insurance companies from using the data for anything other than therapeutic or underwriting purposes.

It also prohibits employers from asking for or requiring genetic tests in any way related to the terms of employment, according to the article.

The 23andMe situation is more nuanced. It actually is a story about a credential-stuffing attack, according to IT trade publication BleepingComputer. But the data stolen includes photos, gender and genetic ancestry, valuable information that cannot be changed once exposed.

In this context, it is important to note that anyone victimized in the credential-stuffing attack only has themselves to blame. They reused passwords.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

OCR Studio expands KYC fraud detection for AI-generated identity documents

Fake documents made with the help of generative AI are becoming increasingly more convincing. Document analysis and data extraction software…

 

ID4Africa speakers urge legal identity inclusion for refugees, stateless persons

African governments must accelerate efforts to provide legal and digital identity to refugees and stateless populations, according to speakers at…

 

Biometrics lawyer Dan Saeedi talks BIPA on Biometric Update Podcast

Dan Saeedi is a BIPA buster. The renowned Chicago attorney, CIPP/US,a partner and team co-lead of the biometric privacy team…

 

World Bank, African DPAs outline formula for trusted digital identity, DPI

Trust has moved steadily to the center of the conversation around digital public infrastructure and identity at ID4Africa, and the…

 

UK watchdog warns of legal risks as London police deploy LFR at protest

London’s Metropolitan Police will deploy live facial recognition (LFR) technology at a protest for the first time this weekend, prompting…

 

Age assurance debate arrives in Bangladesh

The dominos continue to fall in the game of global online safety legislation targeting social media platforms. Bangladesh is weighing…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events