FB pixel

Don’t overlook US state law protecting collection of genetic data – legal insiders

Don’t overlook US state law protecting collection of genetic data – legal insiders

A pair of news stories this month, one only tangentially related to personal privacy, again point out the stakes involved in the commercial use of biometric identifiers.

In the U.S. state of Illinois, home of the landmark Biometric Information Privacy Act, plaintiffs who feel their identifiers are being misused have found a second state biometric law. This one addresses the use of genetic information by non-government organizations.

And indirectly, a breach at consumer genetics testing service 23andMe gives some more ammunition to privacy advocates who say DNA biometrics deserve better protection.

An analysis of Illinois’ Genetic Information Privacy Act in the insurance trade publication Claims Journal warns that GIPA could financially devastate some companies if they are not careful. (The states of Montana and California have passed their own GIPAs.)

The article says that, while enacted in 1998, the act has resulted in few lawsuits. Thirty cases were filed this year in Cook County, which includes Chicago.

The law allows for individuals to sue and for them to seek actual or statutory damage. Successful plaintiffs can collect $2,500 for each negligent violation and $15,000 per intentional or reckless violation.

An organization needs to get express written consent before transferring or disclosing genetic data. GIPA also outlaws insurance companies from using the data for anything other than therapeutic or underwriting purposes.

It also prohibits employers from asking for or requiring genetic tests in any way related to the terms of employment, according to the article.

The 23andMe situation is more nuanced. It actually is a story about a credential-stuffing attack, according to IT trade publication BleepingComputer. But the data stolen includes photos, gender and genetic ancestry, valuable information that cannot be changed once exposed.

In this context, it is important to note that anyone victimized in the credential-stuffing attack only has themselves to blame. They reused passwords.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


FIDO Alliance introduces passkey Design Guidelines to optimize UX

New guidance on how to implement passkeys for optimal user experience have been published by the FIDO Alliance. FIDO’s Design…


Interpol exec calls for more biometrics sharing to combat cross-border crime surge

Speaking at a recent event in London, Stephen Kavanagh, executive director of police services at Interpol, warned of a “new…


NSW launches digital inclusion strategy consultation on equitable service access

The New South Wales (NSW) government has initiated a call to action for local communities, industries, community organizations, and government…


Could be 25 years before TSA gets facial recognition in all US airports

The Transportation Security Administration (TSA) foresees significant delays in implementing facial recognition across U.S. airports if revenue continues to be…


Single solution for regulating AI unlikely as laws require flexibility and context

There is no more timely topic than the state of AI regulation around the globe, which is exactly what a…


Indonesia’s President launches platform to drive digital ID and service integration

In a bid to accelerate digital transformation in Indonesia, President Joko Widodo launched the Indonesian government’s new technology platform, INA…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events