On January 6, 2021, a bipartisan group of state legislators introduced the “Biometric Privacy Act,” (Assembly Bill 27), which would make New York only the second state with a private right of action against entities that improperly use or retain biometric information. This is the third time that New York lawmakers have proposed such a bill.
The bill would protect individuals’ biometric identifiers, defined as fingerprints, voiceprints, retina or iris scans, and scans of face or hand geometry, as well as information based on such identifiers used to identify an individual.
Under the bill, private entities in possession of biometric identifiers or information would need to develop and comply with publicly available written policies establishing retention schedules and guidelines for permanently destroying the identifiers or information when the initial purpose for collecting or obtaining them has been satisfied or within three years of the individual’s last interaction with the entity, whichever occurs first. Private entities would also be required to store, transmit, and protect from disclosure all biometric identifiers and information using the reasonable standard of care in their industry, and in a manner that is the same as or more protective than the manner in which they store, transmit, and protect other confidential and sensitive information.
Continue Reading New York Lawmakers Introduce Biometric Privacy Bill with Private Right of Action