As the use of biometric information for verification purposes becomes widespread, employers and others should be aware of the statutes which regulate the collection, storage and dissemination of this data. In this regard, there have been several lawsuits involving the use or storage of biometric information which have resulted in multi-million dollar settlements.
The California Consumer Privacy Act (Civil Code sections 1978.100 et seq.) defines biometric information as follows:
"Biometric information" means an individual's physiological, biological, or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. Cal. Civil Code ' 1798.140(b).
While a number of states, including California, have statutes which regulate the use or storage of biometric information, only two jurisdictions allow for a private right of action. These are the Illinois Biometric Information Privacy Act (commonly referred to "BIPA") and section 22-1201-1205 of the New York City Administration Code. Most of the reported litigation around biometric information has arisen out of claimed violations of BIPA.
In this regard, civil lawsuits seeking recovery of damages and attorneys' fees typically allege that the defendant used, collected and stored...
