If enacted, HB2064 would establish a framework under which private entities are required to create written policies governing biometric data. These policies would determine how long biometric identifiers are retained and when they must be destroyed. The bill provides individuals with a right of action to seek damages if their biometric information is mishandled, which could significantly impact businesses that rely on biometric technology. It mandates that companies must obtain informed consent before collecting biometric data and ensures that individuals are provided with clear disclosures regarding the purpose of data collection.
Summary
House Bill 2064, known as the Biometric Information Privacy Act, aims to regulate the collection, usage, retention, and destruction of biometric identifiers such as fingerprints, voiceprints, and facial recognition data. This bill acknowledges the growing usage of biometric data in business and security sectors, while also recognizing the unique risks associated with this type of sensitive information. Once compromised, biometric data cannot be changed like other identifiers, which raises significant concerns regarding identity theft and personal privacy. The bill's legislative findings highlight a public wariness about biometric data, especially when linked to financial transactions and personal information.
Sentiment
The sentiment surrounding HB2064 appears to be generally supportive among privacy advocates who view the legislation as a much-needed step towards protecting personal data. However, some businesses may regard these regulations as burdensome due to the additional compliance requirements and potential liabilities. There are concerns about the implications for industries that utilize biometric technology, as they might face increased operational costs and limitations in how they handle customer identifiers.
Contention
Notable points of contention include the potential impact on businesses that utilize biometric identifiers. Critics may argue that the requirements for consent and the right to seek damages could complicate operations, especially for small businesses or startups that implement biometric technology. Additionally, the exemptions for certain financial institutions and government agencies might draw scrutiny, as they create disparities in the applicability of privacy protections across different sectors.
Establishes the Biometric Information Privacy Act, which establishes requirements for and a cause of action against private entities in possession of biometric information
Biometric information; the Biometric Information Privacy Act; private entities; policy; identifiers; information; dissemination; standards; right of action; recovery; effective date.