Overview of Biometrics
Biometrics is a term used to define personal identifying characteristics, including fingerprints, retinal scans, voiceprints, facial scans and other physical absolutes.
Biometrics Protection
If you lived or worked in Illinois in an establishment where biometrics were used to clock in and out of work or for access to anything else, you could be a victim of a violation of the Illinois Biometric Information Privacy Act (BIPA).
Illinois passed BIPA in 2008 to protect the privacy of citizens who may be subject to the collection of biometric markers for employer affirmation or customer identity confirmation. Those Ill. companies who use such markers for employees must follow BIPA rules when dealing with this biometric information.
A company that collects and stores biometrics on an Illinois consumer without providing details regarding why and how long the data is stored may be in violation of BIPA.
The law has been unsuccessfully challenged by companies such as Facebook and Google, which use facial recognition software to tag photos of known users.
BIPA Requirements
BIPA states that no private entity is allowed to collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information, without initially completing the following steps.
(1) The business must first tell the person or the person’s legally authorized representative in writing that a biometric identifier or biometric information will be obtained and/or such data will be stored.
(2) The business must inform the person or the person’s legally authorized representative in writing of the reason and length of time for which a biometric identifier or biometric information will be collected, stored and used. If a person is let go from a private entity, the company has three years from termination to destroy it.
(3) The business must receive a written release signed by the person providing the biometric identifier or biometric information or the person’s legally authorized representative.
For each violation of the BIPA, those whose rights are violated may recover up to $1,000 for negligent violations and up to $5,000 for intentional violations, in addition to attorney fees and costs.
Six Flags Held Responsible for Alleged Illegal Collection of Biometrics
In January, a Six Flags amusement park in Illinois allegedly obtained the fingerprints of a 14-year-old park visitor without permission from the child’s parents. Six Flags said that because the family was not able to prove a tangible injury from the unapproved procurement of the child’s fingerprints that the amusement park could not be held responsible for any wrongdoing.
The Illinois Supreme Court did not agree with Six Flags. Illinois Chief Justice Lloyd A. Karmeier’s ruling stated that “an individual need not allege some actual injury or adverse effect, beyond violation of his or her rights under the Act, in order to qualify as an ‘aggrieved’ person and be entitled to seek liquidated damages and injunctive relief pursuant to the Act.”
In addition to amusement parks, other businesses known to make use of biometrics include liquor stores, tech companies, hospitals, banks, app and software developers, retailers and employers.
Biometrics Measurements Expanding
Biometrics technology is advancing at a rapid rate. Apple incorporates 30,000 infrared dots to map the iPhone X user’s face to identify the user. An LG V30 smartphone uses fingerprint scans in addition to facial and voice recognition software to secure the information the user keeps on the phone.
CrucialTec, a high-tech sensor manufacturing company, combines a heart-rate sensor with fingerprint recognition to ensure imitation fingerprint patterns are locked out. Imitation or ‘cloned’ fingerprints have been created with simple materials, including candle wax or molding plastics. By ‘reading’ the heart rate and fingerprint of the user, the access is more secure.