Monsitj / Getty Images
Biometrics are among the most personal forms of information requiring the strictest protections. Ironically, biometrics are increasingly being used as a primary or secondary authentication mechanism to protect access to other sensitive information. Regulators are taking notice.
“The liabilities associated with biometric information are extremely high because you can’t call God up and say, ‘Hey I need a new fingerprint because mine was stolen,’” says Judy Selby, a Partner at Hinshaw & Culbertson LLP who specializes in privacy and cyber insurance.
In the US, regulations in California, Illinois and New York are considered the gold standard for protecting the collection, use, storage, and reuse of biometric data. In addition, The National Biometric Privacy Act was introduced to Congress in August 2020, with the potential to become federal law. While other acts and laws are in the works, these contain the most comprehensive privacy restrictions similar to the biometrics privacy rules set in European nations under the General Data Protection Regulation (GDPR).