Biometric information is a physiological way of identifying a person. Examples include fingerprints, facial recognition, DNA, and retina recognition. Since these are unique to each person and less vulnerable than passwords, biometric information is now being used for security purposes in many ways.
Many products on the market now use biometric information as part of their security system. One example is Apple’s iPhone, which allows users to use their fingerprints or facial recognition to unlock their phone. Many childcare centers invest in finger print systems for parents to check their children in and out of the center. Fitness centers and tanning salons are also using them to track members’ facility usage.
Illinois enacted the Biometric Information Privacy Act in 2008. This act, known as BIPA, requires companies to meet certain requirements when collecting biometric information. The exact requirements are detailed here but essentially, they require written notice of what the company will do to protect this sensitive data. There is also a similar law in Texas.
Recently, class action lawsuits have been filed against companies that collect biometric information without providing the information required under BIPA to their customers. Two national tanning salon chains and a national childcare company have been recent targets for lawsuits. Insurance coverage for these lawsuits is not guaranteed so companies may be on the hook themselves. Damages under BIPA can quickly add up given that the statute allows for $1,000 to $5,000 per violation. Even companies not headquartered in Illinois have had to settle lawsuits under BIPA if they have customers or locations in the state.
If your company is thinking of collecting biometric information from customers in any way, carefully research BIPA and other laws in your state. Consult with a legal professional to ensure that your organization is complying with these laws and notifying customers about how their biometric information will be stored and protected.