Biometrics Privacy Law Takes Effect in NYC
Last week a new privacy law limiting what businesses can do with biometric data (for example, facial recognition information and fingerprints) took effect in New York City. The new ordinance requires commercial establishments that collect biometric information to post notices to customers explaining how their data will be used. The law applies to a wide range of businesses, including stores, restaurants, and theaters. The ordinance defines "biometric identifier information" as any "physiological or biological characteristic that is used by or on behalf of a commercial establishment, singly or in combination, to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan, (ii) a fingerprint or voiceprint, (iii) a scan of hand or face geometry, or any other identifying characteristic." The law does, however, permit the collection, use, and retention of biometric identifying data if a notice to customers in "plain, simple language" is clearly displayed. The NYC Commissioner of Consumer and Worker Protection is expected to issue further guidance detailing the exact requirements that businesses must follow to comply with the law. The law does not apply to biometric data collected from employees of these businesses. In enacting this law, New York follows in the footsteps of Portland, Oregon, which enacted a facial recognition ordinance last year. With the rapidly increasing use of facial recognition and similar technologies, similar laws are expected to continue cropping up in cities and states around the country. The definition of "biometric information" varies from state to state and is constantly evolving as new technologies emerge. Companies that collect and/or use any information about their customers or employees are advised to monitor developments in their city and state to ensure compliance with the ever-changing landscape of data protection laws. A more fulsome analysis by Perkins Coie attorneys Sunita Bali, Susan Fahringer, Nicola Menaldo, Adam H. Schuman, and Ryan Spear is available here.
Print and share
Authors
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Explore more in
Perkins on Privacy
Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field.