FIRST REGULAR SESSION
SENATE BILL NO. 448
103RD GENERAL ASSEMBLY
INTRODUCED BY SENATOR TRENT.
0063S.01I KRISTINA MARTIN, Secretary
AN ACT
To amend chapter 537, RSMo, by adding thereto one new section relating to liability for disclosure
of biometric information.
Be it enacted by the General Assembly of the State of Missouri, as follows:
Section A. Chapter 537, RSMo, is amended b y adding thereto 1
one new section, to be known as section 537.323, to read as 2
follows:3
537.323. 1. As used in this section, the following 1
terms mean: 2
(1) "Biometric identifier", a retina or iris scan, 3
fingerprint, voiceprint, or scan of hand or face geometry. 4
The term "biometric identifier" shall not include the 5
following: 6
(a) Any writing sample, written signature, photograph, 7
human biological sample used for valid scientific testing or 8
screening, demographic data, tattoo descripti ons, or 9
physical descriptions such as height, weight, hair color, or 10
eye color; 11
(b) Any anatomical gift, tissue, or part, as such 12
terms are defined in section 194.210, or any blood or serum 13
stored on behalf of recipients or potential recipients o f 14
living or cadaveric transplants and obtained or stored by a 15
federally designated organ procurement organization; 16
(c) Biometric data used in genetic testing, including 17
any direct-to-consumer genetic testing, as such term is 18
defined in 45 CFR 160 .103; 19 SB 448 2
(d) Information captured from a patient in a health 20
care setting or information collected, used, or stored for 21
health care treatment, payment, or operations under the 22
federal Health Insurance Portability and Accountability Act 23
of 1996 (HIPAA), P.L. 104-191, as amended; or 24
(e) Any X-ray, roentgen process, computed tomography, 25
MRI, PET scan, mammography, or other image or film of the 26
human anatomy used to diagnose, prognose, or treat an 27
illness or other medical condition or to further validate 28
scientific testing or screening; 29
(2) "Biometric information", any information, 30
regardless of how it is captured, converted, stored, or 31
shared, based on an individual's biometric identifier used 32
to identify an individual. The term "biometric information" 33
shall not include information derived from items or 34
procedures provided in paragraphs (a) to (e) of subdivision 35
(1) of this subsection; 36
(3) "Confidential and sensitive information", personal 37
information that can be used to uniq uely identify an 38
individual or an individual's account or property. The term 39
"confidential and sensitive information" includes, but is 40
not limited to, a genetic marker, genetic testing 41
information, a unique identifier number to locate an account 42
or property, an account number, a PIN number, a passcode, a 43
driver's license number, or a Social Security number; 44
(4) "Private entity", any individual, partnership, 45
corporation, limited liability company, or association. The 46
term "private entity" sha ll not include a state or local 47
government agency, or any employee or agent thereof, or a 48
court of this state, or any clerk, judge, or justice thereof. 49
2. Except as provided in subsection 4 of this section, 50
a private entity in possession of biomet ric identifiers or 51 SB 448 3
biometric information shall not be liable for damages for 52
the unauthorized or negligent disclosure of biometric 53
identifiers or biometric information if the private entity: 54
(1) Posts and maintains signs or notices which contain 55
the warning as specified in subsection 3 of this section; 56
(2) Informs the public and the individual whose 57
biometric identifier or biometric information is being 58
collected, captured, or otherwise obtained of the specific 59
purpose for which the biome tric identifier or biometric 60
information is being used; 61
(3) Develops a written policy, made available to the 62
public, establishing a retention schedule and guidelines for 63
permanently destroying biometric identifiers and biometric 64
information when the initial purpose for collecting or 65
obtaining such biometric identifiers or biometric 66
information has been satisfied or within three years of the 67
individual's last interaction with the private entity, 68
whichever occurs first; 69
(4) Complies with the written policy described in 70
subdivision (3) of this subsection absent a valid warrant or 71
subpoena issued by a court of competent jurisdiction; and 72
(5) Stores, transmits, and protects from disclosure 73
all biometric identifiers and biometric infor mation in a 74
manner that is the same as or more protective than the 75
manner in which the private entity stores, transmits, and 76
protects other confidential and sensitive information. 77
3. Every private entity collecting biometric 78
identifiers shall pla ce a notice in a clearly visible 79
location or if in a written agreement or contract, in 80
clearly readable print, stating the following warning: 81
WARNING 82 SB 448 4
This entity obtains biometric identifiers or 83
biometric information and complies with the 84
collection and retention requirements under 85
Missouri law. This entity shall not be liable 86
for damages for the unauthorized or negligent 87
disclosure of such identifiers or information. 88
Information about this entity's collection and 89
retention schedule is made avail able to the 90
public. 91
4. The provisions of this section shall not be 92
construed to: 93
(1) Impact the admission or discovery of biometric 94
identifiers and biometric information in any action in any 95
court, or before any tribunal, board, or agency; 96
(2) Conflict with the provisions of section 334.097, 97
the federal Health Insurance Portability and Accountability 98
Act of 1996 (HIPAA), P.L. 104 -191, as amended, and any rules 99
promulgated thereunder; 100
(3) Conflict with the provisions of section s 324.1100 101
to 324.1148 and any rules promulgated thereunder; 102
(4) Apply in any manner to a financial institution or 103
an affiliate of a financial institution that is subject to 104
Title V of the federal Gramm -Leach-Bliley Act of 1999, P.L. 105
106-102, and any rules promulgated thereunder; or 106
(5) Create or increase the liability of a private 107
entity and does not affect the availability of any other 108
immunities from or defenses to liability established by law 109
or available under common law to which a p rivate entity may 110
be entitled. 111