Extract from Epiq’s article “More Businesses Using Biometric Data Means More Regulation”
Biometric data continues to take up a massive amount of space in the digital universe. Fingerprints, facial scans, and voice recognition are staples of modern devices and are regularly integrated into business models.
Think about how biometric technology plays a role in tools for employee identification, automated voice assistants, virtual try-ons, account sign-on verification, event access, and social media filters, to name a few. Organizations may collect this data not only in the regular course of business, but also during discovery for a lawsuit or investigation. As a result, the U.S. has experienced more pressure for regulation in recent years. This body of law continues to evolve so do not forget to turn alerts on for biometric updates in the legal space to keep on top of pivotal decisions and legislative trends.
Recent Case Law
Illinois was the first state to directly regulate biometric data through the lens of consumer privacy in 2008 via the Biometric Information Privacy Act (BIPA). This strict law applies to how organizations collect, use, safeguard, handle, store, retain, and destroy biometric consumer data and has been a groundbreaking piece of legislation not only in Illinois but throughout the nation.
Private lawsuits are authorized and prospective plaintiffs do not need to show actual harm to establish standing. A procedural violation is sufficient to file a BIPA lawsuit, including class actions.
