A wave of privacy-focused legislative efforts is sweeping across America, and it includes measures aimed at biometric data specifically.
In Mississippi, the state legislature has proposed House Bill 467, the Biometric Identifiers Privacy Act.
The law is aimed at requiring private organizations to disclose their practices concerning the collection and storage of biometric data, and mandating that a given organization must establish a data retention policy that includes guidelines for the deletion of biometric data.
Like Illinois’s famous (or infamous, depending who you ask) Biometric Information Privacy Act (BIPA), the proposed legislation also would require organizations to obtain consent from a subject concerning the collection of biometric data.
The bill would establish a private right of action against companies accused of violating Mississippi’s BIPA, establishing minimum punishments of $1,000 or $5,000, depending on whether the violations are found to be the result of negligence, or intentional.
If passed, the Mississippi BIPA would take effect July 1 of this year.
In addition to its BIPA, Mississippi is one of at least nine states have introduced comprehensive privacy bills, according to a Washington Post report. The others include Indiana, Iowa, Kentucky, Massachusetts, Oklahoma, Oregon, New York, and Tennessee.
And besides Mississippi, New York and Oregon are also one of at least seven states that are considering legislation aimed at specific subtypes of data – not just biometric data but health information and data that might normally be exchanged by brokers. Other states in that group include Maryland, New Jersey, Virginia, and Washington.
While not all of these legislative efforts will succeed, they appear to reflect a cultural trend toward privacy protections. In an unusual Wall Street Journal op-ed last week, President Joe Biden urged lawmakers on both sides of the aisle to work to “clear limits on how companies can collect, use and share highly personal data”.
Speaking to the Post, a senior counsel with the Future of Privacy Forum think tank said that 2023 could see “an upswing in proposals around specific privacy concerns, specific uses of data, specific technologies that wouldn’t necessarily be considered comprehensive privacy laws, but would still have a major impact for consumer rights and the obligations for businesses.”
Sources: The National Law Review, The Washington Post, Wall Street Journal
January 20, 2023 – by Alex Perala