Biometric Privacy and Liability

It’s becoming a common trend to see facial recognition scanning mechanisms to combat the spread of coronavirus.  More and more businesses are using these types of technologies to check for temperatures and symptoms.  Some of us have even become accustomed this technology because it allows us to unlock our phones without so much as pressing a button.  Even though it requires almost no effort on the part of the consumer, it can pose a more invasive threat than they may be aware of.  And it can put your business at risk if proper precautions are not taken.

What are Biometrics?

            The technical terminology referenced as biometrics are the measurements and calculations of the measurements unique to the human body and characteristics.  Biometric identifiers include facial recognition, vocal recognition, fingerprints, ocular recognition, palmprints, and DNA.  Using such information for authentication or identification has become popular in computer science and access control for businesses and governments.  While this type of technology is still advancing, trying to account for the biometrics that change over time, such as facial symmetry or gait, the capabilities it provides are especially valuable for security purposes and now public health. 

Biometric Information Privacy Act (BIPA)

            Passed in 2008 in the state of Illinois, this was the first law to regulate the collection of biometric information, guarding against the unlawful collection and storing of biometric information.  While there is no federal law on biometric privacy, other states that have passed similar laws include Washington, Texas, New Hampshire, Michigan, and California.  This law allows for individual’s biometric information, such as facial recognition and fingerprint scan, to only be collected with their consent.  Companies such as Facebook and Six Flags have fallen victim to class action lawsuits by collecting such information without the permission of individuals.  While there may not be tangible harm caused by these infractions, it can be seen as a consumer’s loss of the power and ability to make informed decisions about the collection, storage, and use of biometric information.

Biometric Exposures

            Prior to the coronavirus pandemic, biometric exposures and liabilities were not on the forefront of concerns for business owners and corporations.  Many were only introducing biometrics on an employment basis, using such information for time keeping purposes, employee identification, etc.  However, now that such technologies are being used to scan for signs and symptoms of the coronavirus, such as temperature and cough, any collection of this data needs to be addressed.  Companies that are now collecting this data need to set protocols to gain consent from consumers as well as establishing what it is being collected for.  Adopting biometrics opens a whole new set of non-traditional risks around privacy and cyber liability that most companies and businesses are yet to be familiar with because not only does it present legal issues, but could be potentially catastrophic if the data is breached. 

What the Future Holds

            Like many technologies of our time, the innovations and upgrades biometrics are experiencing are not only fast-paced, but wide ranging.   Facial recognition is being used and even required in some states and countries as a means to identify yourself for traveling.  Hand and fingerprints are becoming especially useful for bank transactions and to reduce fraud.  Even telling your home devices to play a song or turn on the lights uses your voice as a means for recognizing who you are.  When we look to the future, it’s hard to imagine not having such features of security and convenience in our lives, but the ramifications of such means are still to be defined.