New York State Lawmakers Propose New Biometric Privacy Act
On January 6, New York legislators introduced Assembly Bill 27, the Biometric Privacy Act (BPA). The BPA is a new piece of privacy legislation that would give consumers greater control over their biometric identifiers and biometric information; including the right to enforce the BPA through a private right of action. Under the new bill, biometric identifiers include retina or iris scan, fingerprint, voiceprint, and scans of hand or face geometry. Biometric information broadly encompasses any information used to identify an individual that is based on an individual’s biometric identifier.
The BPA would prevent private entities in possession of biometric identifiers or biometric information from selling, leasing, trading, or otherwise profiting from a person’s biometric identifier or information. It would further prevent a private entity from disclosing or disseminating such information unless it meets certain criteria, such as receiving consent from the person or where disclosure takes place to complete a requested financial transaction. Private entities in possession of biometric identifiers or information would also be required to develop a written policy establishing a retention schedule and guidelines for destroying the information. Importantly, like Illinois’ law governing biometric information, the BPA includes a private right of action, allowing individuals to seek statutory damages of up to $5,000 per violation.
At this juncture, the BPA has been referred to the consumer affairs and protection committee for further review. Currently, only Illinois, Texas, and Washington have succeeded in passing biometric privacy laws regulating how companies handle biometric data.
For assistance with creating or reviewing your organization’s privacy compliance program or privacy laws in general, please contact John Landolfi, Christopher Ingram, Christopher LaRocco, Sarah Boudouris, Gretchen Rutz, or your Vorys attorney.