Does your organization utilize fingerprints, retina, voice, face scans, or other biometric identifiers in its day-to-day practices? If so, you’ll want to be aware of the Biometric Information Privacy Act (BIPA) in the state of Illinois. This law was created in 2008 to help individuals control their own biometric data, because if any of these identifiers is compromised, the individual faces an extreme risk of identity theft, just as if someone’s Social Security number had been stolen.
The bill helps to regulate the collection, use, safeguarding, handling, storage, retention, and destruction of these identifiers. An important detail of the bill is that it requires private employers to inform the impacted individuals, disclose the purpose and duration of storage, and obtain written consent as it relates to the biometric identifiers and information.
It’s imperative that your organization remains compliant with the bill, or you could face some pretty hefty fines. These are some ways to protect your organization:
- Obtain written consent
- Make your policy public
- Take reasonable care
Keep in mind that if your organization is using a third-party provider to store the biometric data, you should still obtain written consent from your vendors. This written consent should include items like how they safeguard, store, and destroy the unique data to ensure you are fully compliant.
Be sure to check out this white paper to learn more about how this state legislation can impact your business.
Also, don’t forget to contact a Marsh McLennan Agency advisor for further assistance.