As biometrics become increasingly popular in maintaining their identity, it opens the inevitable questions about privacy begins to rear their heads. Many companies that are using this data for their security have come under scrutiny as databases become compromised.
Recently, Clearview AI, a company that houses data for the police, was compromised in February. Their program allows police to use your picture and scan your entire social profiles, from Facebook to Twitter to Instagram. In theory, it’s a program designed to cut down the time to spot and identify criminals. But when the police are scanning everyone, it’s opening people to potential identity thefts.
Many states have passed legislation designed to protect such data and impose fines on such breaches in security. The Illinois Biometric Privacy Act is one such act. The illinois Biometric Privacy Act (BIPA) is a uniquely expansive state law that imposes requirements on businesses that collect or otherwise obtain biometric information, including fingerprints, retina scans and facial geometry scans (which could include identifying individuals through photographs).1 Among other requirements, businesses must receive written consent from individuals before obtaining their biometric data, and they must disclose their policies for usage and retention. Though Illinois was the first state to pass a law specifically regulating biometric data usage, other states are currently considering the issue, and Washington and Texas have already passed similar legislation. BIPA, however, is currently the only state law that allows private individuals to bring suit and recover damages for violations. For negligent violations, individuals can recover the greater of $1,000 or their actual losses. For reckless violations, the baseline award increases to $5,000.[1]
But these same laws are also subject to suits. Six Flags lost a suit over the fact that in order to sign up for their season pass in Illinois they needed a fingerprint scanned into their database without informing their customers why. The court ruled that anyone can bring suit under BIPA if they felt their rights were being aggrieved. This stance makes any data collectors in the state liable if consumers felt their rights were violated.
Security and privacy are a valuable commodity in this era of online profiles. To be able to use your biometrics as part of that security is a blessing but it is a double-edged sword as hackers can just as easily use like identity thieves. Take care of your privacy and check with your company about your cyber policies.
[1] https://www.skadden.com/insights/publications/2019/01/illinois-supreme-court
