On January 6th, the first day of the New York legislature’s 2021 session, NY lawmakers proposed Assembly Bill 27 (AB 27), the Biometric Privacy Act. The legislative purpose of AB 27 is to provide safeguards for consumers regarding their biometric identifiers, such as fingerprints, handprints, retina or iris scans, voiceprints, and other facial and hand recognition. Effectively, the proposed Act would require private (non-governmental) organizations that possess a biometric identifier or biometric information (i.e., information “based on” a biometric identifier) (collectively “biometric data”) to develop a written retention policy setting forth the time period for information containing biometric data, as well as guidelines for permanently destroying such biometric data either when: (i) the initial purpose for obtaining such information “has been satisfied,” or (ii) within three years of the individual’s last interaction with the private entity, whichever happens first.
AB 27 would also require organizations to obtain individuals’ express written consent for the collection of their biometric data prior to collecting or otherwise obtaining such data. In addition, the proposed Act would prohibit organizations from selling or otherwise profiting from the biometric data which they possess, and separately mandate organizations to provide technical and organizational safeguards around biometric data that are the same or more protective than the measures it maintains for other confidential and/or sensitive information.
Continue Reading New York proposes a new Biometric Privacy Act