Advancing technology allows people to use biometrics to purchase items from a store, enter secured areas and clock in at work. While this technology may protect against fraud, it opens the door to data breaches and identity theft.
The Illinois Biometric Information Privacy Act (BIPA) protects individuals against these violations.
What is biometric data?
Biometrics is the technology that uses people’s biological characteristics as a form of identification. The most common forms of biometric data are:
- Retina scans
- Facial scans
- Gait analysis
- Ear scans
How does the BIPA protect biometric data?
Biometric data is unique to each individual, and people can not change it like a password or PIN. This creates a risky situation where someone can take this data for purposes other than intended. Illinois passed the BIPA to hold data collectors liable for safeguarding this information.
BIPA requires businesses collecting biometric data to obtain written authorization informing users about:
- How companies store and use the data
- How and when the collector destroys the information
- How the data gets collected
Companies must obtain authorization each time it changes how it collects, uses or stores biometrics. For example, if an employee allows the business to obtain retina scans for entry to secured areas, the company must create an updated contract if it later uses retina scans for time clocks.
What happens if collectors do not safeguard biometric data?
Collectors of biometrics are liable for mishandling information even without a data breach or identity theft. Not adhering to the written contract regarding biometrics is enough for individuals to file claims against that company.
BIPA’s strict standards of consent may encourage people to increase their use of advancing biometric technology.