Biometric data is an increasingly valuable source of personal information. Some states like Illinois have made it possible to sue a company for using said information without written consent. However, increasingly, biometric information is omitted for outright excluded from many insurance policies. In the past six months, we’ve begun seeing additional exclusions added to D&O, Employment Practices Liability and Cyber Policies.
Biometrics refer to using things like retinal scans, thumbprints and even hair to access secure networks, similar to what you would see in a science fiction show. In real life, this has been used as a secondary way to log onto networks as an alternative to Passwords. Additionally, businesses are using biometric information for employees in a wide variety of places such as building entry and time keeping. Most recently, due to the COVID 19 reopening issues employers are using Biometrics to record temperature readings and storing that information. The changing environment is leading to new uses of the technology. Unfortunately, insurance carriers are beginning to realize the privacy exposure and as such are excluding claims arising from or relating to them.
In Illinois, the most stringent state regarding Biometrics, if you don’t grant permission to hold on to or even collect this data you are open to liability, fines and penalties. Six Flags was on that end of a lawsuit when a season pass holder sued them in Illinois over collecting fingerprint data. A policy with this included could cover what they had been sued for.
As technology evolves and security measures change, companies must be diligent in ensuring that they are within regulatory guidelines when adapting to new technology. Consult your insurance professional before instituting any processes collecting biometric or other personal data.