Four Things A Business Should Consider Before Collecting Biometric Data

November 4, 2018 by

“Biometric data” typically refers to a retina or iris scan, fingerprint, voiceprint, or scan of a hand or face geometry used to identify an individual (although definitions vary). The collection of biometric data will increase as this technology continues to advance. Provided below are four points for proactive businesses to consider.

 

  1. To date, three states (Illinois, Texas, and Washington) have passed laws specifically governing the collection, use, disclosure, and destruction of biometric data. Currently no single federal statute specifically addresses a business’s obligations regarding the collection, use, or retention of biometric information.
    • The Illinois Biometric Information Privacy Act (BIPA)
    • The Texas Capture or Use of Biometric Identifier Act (CUBI)
    • Washington state’s law regarding biometric identifiers (not titled)

    If your business is recording customer service calls in Illinois, Texas, and Washington, your business is likely collecting biometric data, implicating the above referenced laws. Of course, this is in addition to existing laws restricting the recording or monitoring of phone calls.

 

  1. Even if your business is not considered to be collecting biometric data in Illinois, Texas, or Washington, you may nevertheless want to consider adopting policies that address the collection of biometric data since the trend nationwide is to continue to be more restrictive on businesses handling such private information. The common themes associated with the protection of biometric data from collection by businesses include requiring that businesses:
    • Obtain consent to obtain the biometric data.
    • Obtain consent on how the biometric data will be used.
    • Adopt policies for retaining biometric data and keeping biometric data confidential.

    Other states (like Alaska, Connecticut, Massachusetts, Montana, and New Hampshire) have recently considered similar laws. Other states have privacy laws that overlap with the collection of biometric data. For example, the California Labor Code makes it a misdemeanor for an employer to require an employee or applicant to be photographed or fingerprinted as a condition of employment if the employer plans to provide the information to a third party and if the information could be used to the employee’s detriment (Cal. Lab. Code § 1051).

    The bottom line here is that there is a lot of uncertainty in the existing law. Any internal policies should be adopted in consultation with your counsel and an evaluation of the privacy laws of the jurisdictions in which you do business.

 

  1. Currently, the only state where a biometric privacy statute has provided the private right to sue is ILLINOIS. This has resulted in numerous lawsuits pending in Illinois over alleged misuse of biometric data collected by businesses. The Texas and Washington statutes are currently enforced by each State’s Attorney General.

 

  1. It is understandably difficult in the current climate for businesses to know exactly what to do if they are collecting biometric data (especially in jurisdictions where no biometric privacy laws have been enacted). In that case, businesses should typically:
    • Identify and understand the relevant and applicable biometric privacy laws applicable to your business and evaluate the penalties for violating such laws.
    • Determine what obligations your business may have regarding: (1) providing proper notice to those individuals from whom your business collects biometric data; (2) obtaining the proper consent from such individuals; (3) using, storing, or destroying the biometric data collected; and (4) proactively develop internal policies regarding the above.

 

Adam Fox focuses his practice on assisting his clients in M&A transactions, exempt securities transactions and corporate governance issues. Brown Fox PLLC is a law firm focused on advising and representing businesses and business leaders, with a focus on what businesses face daily, including litigation, corporate, labor and employment, and real estate matters. 

Adam Fox
adam@brownfoxlaw.com

Adam Fox co-founded Brown Fox and has emerged as a go-to confidant and wise counsel for business leadership, ranging from billion dollar companies to innovative start-ups.

Learn More

Founded in 2010, Brown Fox is a business boutique law firm focused on serving businesses, executives and entrepreneurs in practice areas most commonly needed to advance business growth, manage risk, and defend from attack. The firm’s representative clientele includes companies ranging from start-ups to publicly traded companies. The firm has offices in Dallas and Frisco.

Best Lawyers recently named Brown Fox a Tier 1 Best Law Firm for a third year in a row, Chambers & Partners has recognized the firm as a top small to midsize firm in both of its Regional Spotlights, and Inc. 5000 has twice recognized the firm as one of the Fastest Growing Private Companies in America. The firm’s attorneys have garnered over seventy Super Lawyers Rising Stars honors, several Best Lawyers honors from both D Magazine and Best Lawyers in America, among other honors.

Character Matters® is the firm’s foundational maxim; its core values of integrity, servant leadership, excellence, and impact are its roots. Brown Fox is committed to aggressively and creatively representing our clients, while staying true to the firm’s guiding principles. Learn more about Brown Fox by clicking here.


Integrity-Driven Advocates, Problem Solvers, and Counselors Ready to Serve.
Meet Brown Fox