103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1511 Introduced 2/7/2023, by Sen. Bill Cunningham SYNOPSIS AS INTRODUCED: 740 ILCS 14/10740 ILCS 14/15 Amends the Biometric Privacy Information Act. Defines "security purpose" as the purpose of preventing retail theft, fraud, or any other misappropriation or theft of a thing of value, including protecting property from trespass, controlling access to property, protecting any person from harm, including stalking, violence, or harassment, and assisting a law enforcement investigation. Allows a private entity to collect, capture, or otherwise obtain a person's or customer's biometric identifier or biometric information without satisfying other specified requirements if: (1) the private entity collects, captures, or otherwise obtains a person's or customer's biometric identifier or biometric information for a security purpose; (2) the private entity uses the biometric identifier or biometric information only for a security purpose; (3) the private entity retains the biometric identifier or biometric information no longer than is reasonably necessary to satisfy a security purpose; and (4) the private entity documents a process and time frame to delete any biometric identifier or biometric information. LRB103 25583 LNS 51932 b A BILL FOR 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1511 Introduced 2/7/2023, by Sen. Bill Cunningham SYNOPSIS AS INTRODUCED: 740 ILCS 14/10740 ILCS 14/15 740 ILCS 14/10 740 ILCS 14/15 Amends the Biometric Privacy Information Act. Defines "security purpose" as the purpose of preventing retail theft, fraud, or any other misappropriation or theft of a thing of value, including protecting property from trespass, controlling access to property, protecting any person from harm, including stalking, violence, or harassment, and assisting a law enforcement investigation. Allows a private entity to collect, capture, or otherwise obtain a person's or customer's biometric identifier or biometric information without satisfying other specified requirements if: (1) the private entity collects, captures, or otherwise obtains a person's or customer's biometric identifier or biometric information for a security purpose; (2) the private entity uses the biometric identifier or biometric information only for a security purpose; (3) the private entity retains the biometric identifier or biometric information no longer than is reasonably necessary to satisfy a security purpose; and (4) the private entity documents a process and time frame to delete any biometric identifier or biometric information. LRB103 25583 LNS 51932 b LRB103 25583 LNS 51932 b A BILL FOR
103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1511 Introduced 2/7/2023, by Sen. Bill Cunningham SYNOPSIS AS INTRODUCED:
740 ILCS 14/10740 ILCS 14/15 740 ILCS 14/10 740 ILCS 14/15
740 ILCS 14/10
740 ILCS 14/15
Amends the Biometric Privacy Information Act. Defines "security purpose" as the purpose of preventing retail theft, fraud, or any other misappropriation or theft of a thing of value, including protecting property from trespass, controlling access to property, protecting any person from harm, including stalking, violence, or harassment, and assisting a law enforcement investigation. Allows a private entity to collect, capture, or otherwise obtain a person's or customer's biometric identifier or biometric information without satisfying other specified requirements if: (1) the private entity collects, captures, or otherwise obtains a person's or customer's biometric identifier or biometric information for a security purpose; (2) the private entity uses the biometric identifier or biometric information only for a security purpose; (3) the private entity retains the biometric identifier or biometric information no longer than is reasonably necessary to satisfy a security purpose; and (4) the private entity documents a process and time frame to delete any biometric identifier or biometric information.
LRB103 25583 LNS 51932 b LRB103 25583 LNS 51932 b
LRB103 25583 LNS 51932 b
A BILL FOR
SB1511LRB103 25583 LNS 51932 b SB1511 LRB103 25583 LNS 51932 b
SB1511 LRB103 25583 LNS 51932 b
1 AN ACT concerning civil law.
2 Be it enacted by the People of the State of Illinois,
3 represented in the General Assembly:
4 Section 5. The Biometric Information Privacy Act is
5 amended by changing Sections 10 and 15 as follows:
6 (740 ILCS 14/10)
7 Sec. 10. Definitions. In this Act:
8 "Biometric identifier" means a retina or iris scan,
9 fingerprint, voiceprint, or scan of hand or face geometry.
10 Biometric identifiers do not include writing samples, written
11 signatures, photographs, human biological samples used for
12 valid scientific testing or screening, demographic data,
13 tattoo descriptions, or physical descriptions such as height,
14 weight, hair color, or eye color. Biometric identifiers do not
15 include donated organs, tissues, or parts as defined in the
16 Illinois Anatomical Gift Act or blood or serum stored on
17 behalf of recipients or potential recipients of living or
18 cadaveric transplants and obtained or stored by a federally
19 designated organ procurement agency. Biometric identifiers do
20 not include biological materials regulated under the Genetic
21 Information Privacy Act. Biometric identifiers do not include
22 information captured from a patient in a health care setting
23 or information collected, used, or stored for health care
103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1511 Introduced 2/7/2023, by Sen. Bill Cunningham SYNOPSIS AS INTRODUCED:
740 ILCS 14/10740 ILCS 14/15 740 ILCS 14/10 740 ILCS 14/15
740 ILCS 14/10
740 ILCS 14/15
Amends the Biometric Privacy Information Act. Defines "security purpose" as the purpose of preventing retail theft, fraud, or any other misappropriation or theft of a thing of value, including protecting property from trespass, controlling access to property, protecting any person from harm, including stalking, violence, or harassment, and assisting a law enforcement investigation. Allows a private entity to collect, capture, or otherwise obtain a person's or customer's biometric identifier or biometric information without satisfying other specified requirements if: (1) the private entity collects, captures, or otherwise obtains a person's or customer's biometric identifier or biometric information for a security purpose; (2) the private entity uses the biometric identifier or biometric information only for a security purpose; (3) the private entity retains the biometric identifier or biometric information no longer than is reasonably necessary to satisfy a security purpose; and (4) the private entity documents a process and time frame to delete any biometric identifier or biometric information.
LRB103 25583 LNS 51932 b LRB103 25583 LNS 51932 b
LRB103 25583 LNS 51932 b
A BILL FOR
740 ILCS 14/10
740 ILCS 14/15
LRB103 25583 LNS 51932 b
SB1511 LRB103 25583 LNS 51932 b
SB1511- 2 -LRB103 25583 LNS 51932 b SB1511 - 2 - LRB103 25583 LNS 51932 b
SB1511 - 2 - LRB103 25583 LNS 51932 b
1 treatment, payment, or operations under the federal Health
2 Insurance Portability and Accountability Act of 1996.
3 Biometric identifiers do not include an X-ray, roentgen
4 process, computed tomography, MRI, PET scan, mammography, or
5 other image or film of the human anatomy used to diagnose,
6 prognose, or treat an illness or other medical condition or to
7 further validate scientific testing or screening.
8 "Biometric information" means any information, regardless
9 of how it is captured, converted, stored, or shared, based on
10 an individual's biometric identifier used to identify an
11 individual. Biometric information does not include information
12 derived from items or procedures excluded under the definition
13 of biometric identifiers.
14 "Confidential and sensitive information" means personal
15 information that can be used to uniquely identify an
16 individual or an individual's account or property. Examples of
17 confidential and sensitive information include, but are not
18 limited to, a genetic marker, genetic testing information, a
19 unique identifier number to locate an account or property, an
20 account number, a PIN number, a pass code, a driver's license
21 number, or a social security number.
22 "Private entity" means any individual, partnership,
23 corporation, limited liability company, association, or other
24 group, however organized. A private entity does not include a
25 State or local government agency. A private entity does not
26 include any court of Illinois, a clerk of the court, or a judge
SB1511 - 2 - LRB103 25583 LNS 51932 b
SB1511- 3 -LRB103 25583 LNS 51932 b SB1511 - 3 - LRB103 25583 LNS 51932 b
SB1511 - 3 - LRB103 25583 LNS 51932 b
1 or justice thereof.
2 "Security purpose" means the purpose of preventing or
3 investigating retail theft, fraud, or any other
4 misappropriation or theft of a thing of value, including
5 protecting property from trespass, controlling access to
6 property, protecting any person from harm including stalking,
7 violence, or harassment, and assisting a law enforcement
8 investigation.
9 "Written release" means informed written consent or, in
10 the context of employment, a release executed by an employee
11 as a condition of employment.
12 (Source: P.A. 95-994, eff. 10-3-08.)
13 (740 ILCS 14/15)
14 Sec. 15. Retention; collection; disclosure; destruction.
15 (a) A private entity in possession of biometric
16 identifiers or biometric information must develop a written
17 policy, made available to the public, establishing a retention
18 schedule and guidelines for permanently destroying biometric
19 identifiers and biometric information when the initial purpose
20 for collecting or obtaining such identifiers or information
21 has been satisfied or within 3 years of the individual's last
22 interaction with the private entity, whichever occurs first.
23 Absent a valid warrant or subpoena issued by a court of
24 competent jurisdiction, a private entity in possession of
25 biometric identifiers or biometric information must comply
SB1511 - 3 - LRB103 25583 LNS 51932 b
SB1511- 4 -LRB103 25583 LNS 51932 b SB1511 - 4 - LRB103 25583 LNS 51932 b
SB1511 - 4 - LRB103 25583 LNS 51932 b
1 with its established retention schedule and destruction
2 guidelines.
3 (b) No private entity may collect, capture, purchase,
4 receive through trade, or otherwise obtain a person's or a
5 customer's biometric identifier or biometric information,
6 unless it first:
7 (1) informs the subject or the subject's legally
8 authorized representative in writing that a biometric
9 identifier or biometric information is being collected or
10 stored;
11 (2) informs the subject or the subject's legally
12 authorized representative in writing of the specific
13 purpose and length of term for which a biometric
14 identifier or biometric information is being collected,
15 stored, and used; and
16 (3) receives a written release executed by the subject
17 of the biometric identifier or biometric information or
18 the subject's legally authorized representative.
19 (b-5) A private entity may collect, capture, or otherwise
20 obtain a person's or customer's biometric identifier or
21 biometric information without satisfying the requirements of
22 subsection (b) if:
23 (1) the private entity collects, captures, or
24 otherwise obtains a person's or customer's biometric
25 identifier or biometric information for a security
26 purpose;
SB1511 - 4 - LRB103 25583 LNS 51932 b
SB1511- 5 -LRB103 25583 LNS 51932 b SB1511 - 5 - LRB103 25583 LNS 51932 b
SB1511 - 5 - LRB103 25583 LNS 51932 b
1 (2) the private entity uses the biometric identifier
2 or biometric information only for a security purpose;
3 (3) the private entity retains the biometric
4 identifier or biometric information no longer than is
5 reasonably necessary to satisfy a security purpose; and
6 (4) the private entity documents a process and time
7 frame to delete any biometric identifier or biometric
8 information used for the purposes identified in this
9 subsection.
10 (c) No private entity in possession of a biometric
11 identifier or biometric information may sell, lease, trade, or
12 otherwise profit from a person's or a customer's biometric
13 identifier or biometric information.
14 (d) No private entity in possession of a biometric
15 identifier or biometric information may disclose, redisclose,
16 or otherwise disseminate a person's or a customer's biometric
17 identifier or biometric information unless:
18 (1) the subject of the biometric identifier or
19 biometric information or the subject's legally authorized
20 representative consents to the disclosure or redisclosure;
21 (2) the disclosure or redisclosure completes a
22 financial transaction requested or authorized by the
23 subject of the biometric identifier or the biometric
24 information or the subject's legally authorized
25 representative;
26 (3) the disclosure or redisclosure is required by
SB1511 - 5 - LRB103 25583 LNS 51932 b
SB1511- 6 -LRB103 25583 LNS 51932 b SB1511 - 6 - LRB103 25583 LNS 51932 b
SB1511 - 6 - LRB103 25583 LNS 51932 b
1 State or federal law or municipal ordinance; or
2 (4) the disclosure is required pursuant to a valid
3 warrant or subpoena issued by a court of competent
4 jurisdiction.
5 (e) A private entity in possession of a biometric
6 identifier or biometric information shall:
7 (1) store, transmit, and protect from disclosure all
8 biometric identifiers and biometric information using the
9 reasonable standard of care within the private entity's
10 industry; and
11 (2) store, transmit, and protect from disclosure all
12 biometric identifiers and biometric information in a
13 manner that is the same as or more protective than the
14 manner in which the private entity stores, transmits, and
15 protects other confidential and sensitive information.
16 (Source: P.A. 95-994, eff. 10-3-08.)
SB1511 - 6 - LRB103 25583 LNS 51932 b