Extract from Jim Gill’s article “Why the Connection Between Biometric Data and eDiscovery Will Continue to Grow”
Everyone has been talking about the California Consumer Privacy Act (CCPA) lately, namely because the 2018 law became enforceable as of July 1, 2020. This law provides California consumers with a number of privacy-related rights, and applies to any organization that has California consumers, even if they’re not located in California.
So why isn’t there more talk about BIPA? The Illinois Biometric Information Privacy Act has been around since 2008 and “has been a steady source of litigation ever since,” according to a 2020 article in the National Law Review.
Illinois Biometric Information Privacy Act (BIPA)
BIPA regulates how “private entities” collect, use, and share “biometric information” and “biometric identifiers”, and imposes certain security requirements, noting that:
“Biometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”