Illinois’s 2008 Biometric Information Privacy Act was one of the first of its kind in the country. Biometric data is the unique biological information that can be used to identify one person from another. This includes such technology as digitally stored fingerprints and facial recognition technology. Anytime you use the finger print scanner to unlock your cellphone, you are using biometric data that is stored locally on that device. While the Illinois General Assembly may have been proactive in its efforts to protect the biometric data of its citizens, it might not have been able to foresee how the technology that uses this biometric data would evolve.
Prior to 2008, consumer biometric technology was in its infancy and hailed as the answer to personal identification security risks. Because of the security applications associated with individual biometrics, many companies and startups flocked to this emerging field before the hazards of the technology were fully understood. One such hazard that quickly became apparent was that, while a new social security number can be readily issued, a new fingerprint or retinal print cannot. Should biometric information be compromised or recreated, the original owner cannot simply obtain a replacement.
Just as many early adopters of biometric security may not have foreseen the hazards if their data were compromised, Illinois may not have been aware of the full ramifications of its 2008 Biometric Information Privacy Act. Since the passing of the Act, the technology sector’s largest companies, such as Apple, Google, Microsoft, and Samsung, have all introduced products and technologies that increasingly rely on biometric data. Due to the proliferation of these technologies into everyday life, these companies have also exposed themselves to untold potential legal liabilities.
One example of this liability is the ongoing class action lawsuit against Facebook. The lawsuit alleges that Facebook’s facial recognition software, which automatically identifies friends in pictures, violates Illinois’s Biometric Information Privacy Act. The problem is that Facebook’s terms and conditions, like many other companies, require users to “opt-out” from the recognition software. However, in Illinois, the Act requires users to “opt-in.” While this distinction may seem small, it can be detrimental to a smaller business wanting to use biometrics in the course of its business.
While advances in biometrics do seem to offer increased security over a number of more traditional safeguards, the decision to use biometric technology is not one to take lightly. Several other smaller companies have faced class action lawsuits for their use of biometrics. If your company is considering the use of biometrics, it is important that you understand how local laws can affect your business, as well as the risks associated with the breach of this data. These questions often require the dedication and expertise of legal professionals familiar with changes in both the law and technology. You can find these legal professionals at the law firm of Rock Fusco & Connelly, LLC.