This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

New York Assembly introduces the Biometric Privacy Act

On January 6, 2021, a bipartisan group of New York legislators proposed the Biometric Privacy Act, a new law that would provide for protection of consumers’ biometric information. The bill would require entities that possess biometric information or identifiers to obtain specific consumer consent for collecting, capturing, purchasing or trading such information, and would be privately-actionable as well.

Under the bill, biometric identifiers include: “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” Biometric information means “any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual.” Entities that possess such information would need to develop written policies that are made available to the public, as well as inform consumers and receive written consent prior to the collection, capture, purchase or trade of the biometrics. That consent would have to be based on disclosures regarding the specific purpose and length of term for which the biometric identifier or information is being collected, stored and used.

Further, covered entities would need to safely store, transmit and protect the biometric identifiers or information from disclosure. The bill would also prevent an entity from selling or profiting off of the information.

The private right of action is similar to that found in Illinois’s Biometric Information Privacy Act (BIPA). The bill would allow any “aggrieved” person to bring an action against an offending party  The proposed bill provides for penalties of $1,000 or actual damages, whichever is greater, for negligent violations and $5,000 or actual damages, whichever is greater, for intentional or reckless violations. It also allows for recovery of reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses, as well for other relief, such as an injunction.

The act would give companies a relatively short time for compliance, as it would take effect on the ninetieth day after becoming law. The bill was referred to the consumer affairs and protection committee on January 6, 2021.

We will continue to track the act as it passes through the New York legislature. For more information, please reach out to the below authors or your regular Thompson Coburn contact.

Luke Sosnicki is a Los Angeles partner in Thompson Coburn’s Business Litigation group who has written and spoken extensively about data privacy litigation and regulatory risks. Libby Casale is an associate in Thompson Coburn’s Business Litigation group.

Click here to subscribe to News & Insights from Thompson Coburn LLP related to our practices

Tags

bipa, biometric data, data privacy, cybersecurity law, new york cybersecurity, biometric privacy act, cybersecurity bits and bytes, blogs