Biometric Info Emerging As Major Liability Risk

A law in Illinois is seen as a possible model, as more states contemplate regulating how companies handle consumer biometric information. The Illinois law, known as the Biometric Information Privacy act, was passed in part because the Illinois legislature anticipated companies would increasingly use this kind of information to facilitate financial transactions. It’s not a perfect security strategy, however. Biometric data, “unlike other personally identifiable information, cannot realistically be changed if subject to theft,” notes this post from Foley & Lardner. In any case, in addition to financial transactions, biometric data is also being used increasingly to gain entry to cars and buildings, to pass security check points, and to log into accounts on computer and mobile devices. Since 2015 under the Illinois statute, at least six cases have been filed, with the first reported settlement, for $1.5 million, approved in December of last year. With this background in mind, companies are advised to ensure their notice, consent, and disposal policies for consumer biometric data “align with currently enacted legislation and are agile and amenable to updates as other states may endorse similar biometric statutes.”