Healthcare is rapidly expanding the use of biometric information with hospitals utilizing fingerprinting to secure patient electronic data. Employers are also using the technology which debaters argue could compromise an individual’s right to privacy. However, new laws continue to create protection and security through the use of biometric information.
“Biometrics” are biological measurements that cannot be replicated of individual biological patterns or characteristics such as fingerprints, voiceprints, and eye scans that can be used to quickly and easily identify the individual. Due to privacy issues concerning the repercussions of possibly compromised biometric data, a number of states have proposed or passed laws regulating the collection and storage of biometric data, including Illinois, Texas and Washington. Biometric Information Privacy Act Biometric (BIPA) applies to “biometric information” which is “any information, regardless of how it is captured, converted, stored, or shared,” that is “based on an individual’s biometric identifier” and is “used to identify an individual.”
The Texas law only protects biometric identifiers and does not contain a broader “biometric information” provision. Reports indicate that the Texas version of law requires only that employers shall destroy the biometric identifier within a reasonable time, but not later than the first anniversary of the date the purpose for collecting the identifier expires, except as provided by Subsection. In Texas, if biometric data was collected for “security purposes,” the purpose for collecting the data is presumed to expire on termination of the employment relationship.
According to a report online, Texas law applies only to biometric identifiers and defines those as specifically a retina or iris scan, fingerprint, voiceprint, the record of a hand or face geometry. It is important to note that it specifically includes the records of the specific biometric data and does not include the analysis of biometric indicators. As for penalties, reports indicate that the law allows for civil penalties of up to $25,000x, but only the attorney general can bring suit against companies for biometric privacy violations.
- Retina or Iris scan
- Hand geometry record
- Face geometry record
All three laws provide civil penalties for violations, but BIPA is the only one of the three laws that provide a private right of action that allows for plaintiffs to recover liquidated damages and attorneys’ fees. In Texas and Washington, only the state attorney general may bring suit to enforce those laws.