Photo of Kim Phan

Kim is a privacy and data security lawyer who counsels companies in federal and state privacy and data security statutes and regulations. Her work encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation.

Q: What states have biometric laws and what does this mean for my company?

A. Introduction: Biometric Laws in 2022

In the first quarter of 2022 alone, no fewer than seven states have introduced biometric laws — California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York — generally based on Illinois’ Biometric Information Privacy Act (BIPA). Currently, only Illinois, Texas, and Washington have enacted biometric laws, and only the Illinois law provides individuals with a private right of action. While California’s Consumer Privacy Act (CCPA) covers the protection of biometric data, the act only provides a private right of action where the information was involved in an unauthorized exposure as a result of the business’ failure to implement and maintain reasonable security procedures and the business’ failure to take certain steps after receiving a consumer request.

Continue Reading A Fresh “Face” of Privacy: 2022 Biometric Laws