FB pixel

Don’t overlook US state law protecting collection of genetic data – legal insiders

| Jim Nash
Categories Biometrics News  |  Commercial Applications
Don’t overlook US state law protecting collection of genetic data – legal insiders
 

A pair of news stories this month, one only tangentially related to personal privacy, again point out the stakes involved in the commercial use of biometric identifiers.

In the U.S. state of Illinois, home of the landmark Biometric Information Privacy Act, plaintiffs who feel their identifiers are being misused have found a second state biometric law. This one addresses the use of genetic information by non-government organizations.

And indirectly, a breach at consumer genetics testing service 23andMe gives some more ammunition to privacy advocates who say DNA biometrics deserve better protection.

An analysis of Illinois’ Genetic Information Privacy Act in the insurance trade publication Claims Journal warns that GIPA could financially devastate some companies if they are not careful. (The states of Montana and California have passed their own GIPAs.)

The article says that, while enacted in 1998, the act has resulted in few lawsuits. Thirty cases were filed this year in Cook County, which includes Chicago.

The law allows for individuals to sue and for them to seek actual or statutory damage. Successful plaintiffs can collect $2,500 for each negligent violation and $15,000 per intentional or reckless violation.

An organization needs to get express written consent before transferring or disclosing genetic data. GIPA also outlaws insurance companies from using the data for anything other than therapeutic or underwriting purposes.

It also prohibits employers from asking for or requiring genetic tests in any way related to the terms of employment, according to the article.

The 23andMe situation is more nuanced. It actually is a story about a credential-stuffing attack, according to IT trade publication BleepingComputer. But the data stolen includes photos, gender and genetic ancestry, valuable information that cannot be changed once exposed.

In this context, it is important to note that anyone victimized in the credential-stuffing attack only has themselves to blame. They reused passwords.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

GLEIF kicks off corporate digital identity hackathon

The Global Legal Entity Identifier Foundation (GLEIF) has launched a hackathon aimed at developing new applications for its organizational digital…

 

Ethiopia gets accolades for leading digital transformation in Horn of Africa

At a recent meeting of Horn of Africa Finance Ministers in Kenya’s capital Nairobi, Ethiopia’s digital transformation progress got thumps…

 

Financial fraud prompts $14M digital identity intelligence investment, calls for action

Financial institutions and regulators continue to invest in anti-fraud and identity verification. Barclays has invested in anti-fraud platform Heka as…

 

Age estimation at the shop, age verification online: France laws tested with questions

In France, age assurance tools are showing up online and at retail vendors selling age restricted products, prompting questions from…

 

Ofcom planning more safety measures to tackle addictive design

It has been noted previously in these pages that the UK is looking to be taken seriously in pursuing its…

 

OFIQ community reviews early results of biometric quality assessment tool

The standardization of image quality for face biometrics is a major step towards making population-scale biometric systems functional, and as…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events