IL
Illinois House Bill HB4102

Illinois 2023-2024 Regular Session

Illinois House Bill HB4102 Compare Versions

Only one version of the bill is available at this time.
OldNewDifferences
11 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 HB4102 Introduced , by Rep. La Shawn K. Ford SYNOPSIS AS INTRODUCED: 740 ILCS 14/10740 ILCS 14/15 Amends the Biometric Information Privacy Act. Defines "security purpose" as a purpose to ensure that (i) a person accessing an online product or service is who they person claims to be or (ii) a person identified as a safety concern or as a person violating the terms of use or service of the online product or service can be kept off of or denied access to the product or service. Provides that no private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or customer's biometric identifier or biometric information unless it is done in furtherance of a security purpose. Provides that a private entity is not required to comply with the 3-year retention limitation of biometric identifiers or biometric information if the biometric identifiers or biometric information are being collected for a security purpose. LRB103 32688 LNS 62409 b A BILL FOR 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 HB4102 Introduced , by Rep. La Shawn K. Ford SYNOPSIS AS INTRODUCED: 740 ILCS 14/10740 ILCS 14/15 740 ILCS 14/10 740 ILCS 14/15 Amends the Biometric Information Privacy Act. Defines "security purpose" as a purpose to ensure that (i) a person accessing an online product or service is who they person claims to be or (ii) a person identified as a safety concern or as a person violating the terms of use or service of the online product or service can be kept off of or denied access to the product or service. Provides that no private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or customer's biometric identifier or biometric information unless it is done in furtherance of a security purpose. Provides that a private entity is not required to comply with the 3-year retention limitation of biometric identifiers or biometric information if the biometric identifiers or biometric information are being collected for a security purpose. LRB103 32688 LNS 62409 b LRB103 32688 LNS 62409 b A BILL FOR
22 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 HB4102 Introduced , by Rep. La Shawn K. Ford SYNOPSIS AS INTRODUCED:
33 740 ILCS 14/10740 ILCS 14/15 740 ILCS 14/10 740 ILCS 14/15
44 740 ILCS 14/10
55 740 ILCS 14/15
66 Amends the Biometric Information Privacy Act. Defines "security purpose" as a purpose to ensure that (i) a person accessing an online product or service is who they person claims to be or (ii) a person identified as a safety concern or as a person violating the terms of use or service of the online product or service can be kept off of or denied access to the product or service. Provides that no private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or customer's biometric identifier or biometric information unless it is done in furtherance of a security purpose. Provides that a private entity is not required to comply with the 3-year retention limitation of biometric identifiers or biometric information if the biometric identifiers or biometric information are being collected for a security purpose.
77 LRB103 32688 LNS 62409 b LRB103 32688 LNS 62409 b
88 LRB103 32688 LNS 62409 b
99 A BILL FOR
1010 HB4102LRB103 32688 LNS 62409 b HB4102 LRB103 32688 LNS 62409 b
1111 HB4102 LRB103 32688 LNS 62409 b
1212 1 AN ACT concerning civil law.
1313 2 Be it enacted by the People of the State of Illinois,
1414 3 represented in the General Assembly:
1515 4 Section 5. The Biometric Information Privacy Act is
1616 5 amended by changing Sections 10 and 15 as follows:
1717 6 (740 ILCS 14/10)
1818 7 Sec. 10. Definitions. In this Act:
1919 8 "Biometric identifier" means a retina or iris scan,
2020 9 fingerprint, voiceprint, or scan of hand or face geometry.
2121 10 Biometric identifiers do not include writing samples, written
2222 11 signatures, photographs, human biological samples used for
2323 12 valid scientific testing or screening, demographic data,
2424 13 tattoo descriptions, or physical descriptions such as height,
2525 14 weight, hair color, or eye color. Biometric identifiers do not
2626 15 include donated organs, tissues, or parts as defined in the
2727 16 Illinois Anatomical Gift Act or blood or serum stored on
2828 17 behalf of recipients or potential recipients of living or
2929 18 cadaveric transplants and obtained or stored by a federally
3030 19 designated organ procurement agency. Biometric identifiers do
3131 20 not include biological materials regulated under the Genetic
3232 21 Information Privacy Act. Biometric identifiers do not include
3333 22 information captured from a patient in a health care setting
3434 23 or information collected, used, or stored for health care
3535
3636
3737
3838 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 HB4102 Introduced , by Rep. La Shawn K. Ford SYNOPSIS AS INTRODUCED:
3939 740 ILCS 14/10740 ILCS 14/15 740 ILCS 14/10 740 ILCS 14/15
4040 740 ILCS 14/10
4141 740 ILCS 14/15
4242 Amends the Biometric Information Privacy Act. Defines "security purpose" as a purpose to ensure that (i) a person accessing an online product or service is who they person claims to be or (ii) a person identified as a safety concern or as a person violating the terms of use or service of the online product or service can be kept off of or denied access to the product or service. Provides that no private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or customer's biometric identifier or biometric information unless it is done in furtherance of a security purpose. Provides that a private entity is not required to comply with the 3-year retention limitation of biometric identifiers or biometric information if the biometric identifiers or biometric information are being collected for a security purpose.
4343 LRB103 32688 LNS 62409 b LRB103 32688 LNS 62409 b
4444 LRB103 32688 LNS 62409 b
4545 A BILL FOR
4646
4747
4848
4949
5050
5151 740 ILCS 14/10
5252 740 ILCS 14/15
5353
5454
5555
5656 LRB103 32688 LNS 62409 b
5757
5858
5959
6060
6161
6262
6363
6464
6565
6666 HB4102 LRB103 32688 LNS 62409 b
6767
6868
6969 HB4102- 2 -LRB103 32688 LNS 62409 b HB4102 - 2 - LRB103 32688 LNS 62409 b
7070 HB4102 - 2 - LRB103 32688 LNS 62409 b
7171 1 treatment, payment, or operations under the federal Health
7272 2 Insurance Portability and Accountability Act of 1996.
7373 3 Biometric identifiers do not include an X-ray, roentgen
7474 4 process, computed tomography, MRI, PET scan, mammography, or
7575 5 other image or film of the human anatomy used to diagnose,
7676 6 prognose, or treat an illness or other medical condition or to
7777 7 further validate scientific testing or screening.
7878 8 "Biometric information" means any information, regardless
7979 9 of how it is captured, converted, stored, or shared, based on
8080 10 an individual's biometric identifier used to identify a
8181 11 specific an individual. "Biometric information" does not
8282 12 include information derived from items or procedures excluded
8383 13 under the definition of biometric identifiers.
8484 14 "Confidential and sensitive information" means personal
8585 15 information that can be used to uniquely identify an
8686 16 individual or an individual's account or property. Examples of
8787 17 confidential and sensitive information include, but are not
8888 18 limited to, a genetic marker, genetic testing information, a
8989 19 unique identifier number to locate an account or property, an
9090 20 account number, a PIN number, a pass code, a driver's license
9191 21 number, or a social security number.
9292 22 "Private entity" means any individual, partnership,
9393 23 corporation, limited liability company, association, or other
9494 24 group, however organized. A private entity does not include a
9595 25 State or local government agency. A private entity does not
9696 26 include any court of Illinois, a clerk of the court, or a judge
9797
9898
9999
100100
101101
102102 HB4102 - 2 - LRB103 32688 LNS 62409 b
103103
104104
105105 HB4102- 3 -LRB103 32688 LNS 62409 b HB4102 - 3 - LRB103 32688 LNS 62409 b
106106 HB4102 - 3 - LRB103 32688 LNS 62409 b
107107 1 or justice thereof.
108108 2 "Security purpose" means a purpose to ensure that (i) a
109109 3 person accessing an online product or service is who they
110110 4 person claims to be or (ii) a person identified as a safety
111111 5 concern or as a person violating the terms of use or service of
112112 6 the online product or service can be kept off of or denied
113113 7 access to the product or service.
114114 8 "Written release" means informed written consent or, in
115115 9 the context of employment, a release executed by an employee
116116 10 as a condition of employment.
117117 11 (Source: P.A. 95-994, eff. 10-3-08.)
118118 12 (740 ILCS 14/15)
119119 13 Sec. 15. Retention; collection; disclosure; destruction.
120120 14 (a) A private entity in possession of biometric
121121 15 identifiers or biometric information must develop a written
122122 16 policy, made available to the public, establishing a retention
123123 17 schedule and guidelines for permanently destroying biometric
124124 18 identifiers and biometric information when the initial purpose
125125 19 for collecting or obtaining such identifiers or information
126126 20 has been satisfied or within 3 years of the individual's last
127127 21 interaction with the private entity, whichever occurs first.
128128 22 Absent a valid warrant or subpoena issued by a court of
129129 23 competent jurisdiction, a private entity in possession of
130130 24 biometric identifiers or biometric information must comply
131131 25 with its established retention schedule and destruction
132132
133133
134134
135135
136136
137137 HB4102 - 3 - LRB103 32688 LNS 62409 b
138138
139139
140140 HB4102- 4 -LRB103 32688 LNS 62409 b HB4102 - 4 - LRB103 32688 LNS 62409 b
141141 HB4102 - 4 - LRB103 32688 LNS 62409 b
142142 1 guidelines.
143143 2 (b) No private entity may collect, capture, purchase,
144144 3 receive through trade, or otherwise obtain a person's or a
145145 4 customer's biometric identifier or biometric information,
146146 5 unless it first:
147147 6 (1) informs the subject or the subject's legally
148148 7 authorized representative in writing that a biometric
149149 8 identifier or biometric information is being collected or
150150 9 stored;
151151 10 (2) informs the subject or the subject's legally
152152 11 authorized representative in writing of the specific
153153 12 purpose and length of term for which a biometric
154154 13 identifier or biometric information is being collected,
155155 14 stored, and used; and
156156 15 (3) receives a written release executed by the subject
157157 16 of the biometric identifier or biometric information or
158158 17 the subject's legally authorized representative.
159159 18 (c) No private entity in possession of a biometric
160160 19 identifier or biometric information may sell, lease, trade, or
161161 20 otherwise profit from a person's or a customer's biometric
162162 21 identifier or biometric information.
163163 22 (d) No private entity in possession of a biometric
164164 23 identifier or biometric information may disclose, redisclose,
165165 24 or otherwise disseminate a person's or a customer's biometric
166166 25 identifier or biometric information unless:
167167 26 (1) the subject of the biometric identifier or
168168
169169
170170
171171
172172
173173 HB4102 - 4 - LRB103 32688 LNS 62409 b
174174
175175
176176 HB4102- 5 -LRB103 32688 LNS 62409 b HB4102 - 5 - LRB103 32688 LNS 62409 b
177177 HB4102 - 5 - LRB103 32688 LNS 62409 b
178178 1 biometric information or the subject's legally authorized
179179 2 representative consents to the disclosure or redisclosure;
180180 3 (2) the disclosure or redisclosure completes a
181181 4 financial transaction requested or authorized by the
182182 5 subject of the biometric identifier or the biometric
183183 6 information or the subject's legally authorized
184184 7 representative;
185185 8 (3) the disclosure or redisclosure is required by
186186 9 State or federal law or municipal ordinance; or
187187 10 (4) the disclosure is required pursuant to a valid
188188 11 warrant or subpoena issued by a court of competent
189189 12 jurisdiction; or .
190190 13 (5) it is done in furtherance of a security purpose.
191191 14 (e) A private entity in possession of a biometric
192192 15 identifier or biometric information shall:
193193 16 (1) store, transmit, and protect from disclosure all
194194 17 biometric identifiers and biometric information using the
195195 18 reasonable standard of care within the private entity's
196196 19 industry; and
197197 20 (2) store, transmit, and protect from disclosure all
198198 21 biometric identifiers and biometric information in a
199199 22 manner that is the same as or more protective than the
200200 23 manner in which the private entity stores, transmits, and
201201 24 protects other confidential and sensitive information.
202202 25 (f) A private entity shall not be required to comply with
203203 26 the 3-year retention limitation of biometric identifiers or
204204
205205
206206
207207
208208
209209 HB4102 - 5 - LRB103 32688 LNS 62409 b
210210
211211
212212 HB4102- 6 -LRB103 32688 LNS 62409 b HB4102 - 6 - LRB103 32688 LNS 62409 b
213213 HB4102 - 6 - LRB103 32688 LNS 62409 b
214214 1 biometric information of subsection (a) or the requirements of
215215 2 subsection (b) if the biometric identifiers or biometric
216216 3 information are being collected for a security purpose.
217217 4 (Source: P.A. 95-994, eff. 10-3-08.)
218218
219219
220220
221221
222222
223223 HB4102 - 6 - LRB103 32688 LNS 62409 b