State Laws-Biometric Data. Biometric information, or physical and behavioral traits used to identify a particular person (i.e. fingerprints, facial features, etc.) has been the subject of several state privacy laws. Illinois was the first, passing the Biometric Information Privacy Act (BIPA) in 2008, which remains the strongest biometric privacy law in the country. BIPA requires private entities to obtain consent before collecting or disclosing biometric identifiers, to destroy stored biometric data in a timely fashion, and to store biometric data securely. Similar to the CCPA, BIPA also provides for a private right of action. Under BIPA, a person can recover liquidated damages of up to $5,000 or actual damages, whichever amount is greater, for an intentional or reckless violation of BIPA. In 2019 alone, there have already been over 160 class actions filed asserting BIPA violations. Texas also passed a biometric privacy law in 2009. Texas’ biometric privacy law is somewhat narrower than Illinois’. Texas defines biometric information as “a retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry” and does not provide a private right of action. Washington passed H.B. 1493, effective July 23, 2017, which establishes requirements for businesses that collect and use biometric identifiers. The Washington law excludes facial recognition data and provides an exemption for biometric data collected for a “security purpose.” The Washington law does not provide a private right of action. Both the Texas and Washington statutes are limited in application—both only apply to “commercial purposes,” which are differently defined within each statute. Neither Texas nor Washington permits the sale of collected biometric identifiers. State Laws-Drivers’ Licenses and Identification Cards. New Jersey’s Personal Information Privacy Protection Act (PIPPA), which became effective October 1, 2017, limits the purposes for which businesses may scan customers’ identification cards and prohibits sharing that information with third parties without effective disclosure to consumers. PIPPA provides a private right of action for aggrieved consumers and provides civil penalties—$2,500 for a first offense and $5,000 for subsequent offenses.
135
Made with FlippingBook - Online Brochure Maker