The use of biometric data such as voice, face, and iris recognition, fingerprint identification, and hand geometry for individual authentication has grown rapidly over the past decade. While the potential for abuse of biometric data has been apparent from the start, until recently, there has been minimal legislative activity and litigation concerning the collection, use, and storage of biometric data.
Illinois passed the first such law in 2008, the Biometric Information Privacy Act (“BIPA”). Now, other US states have enacted or are considering enacting biometric information laws, and regulations that are potentially even more sweeping than BIPA will go into effect in the European Union in 2018.
At K&L Gates, our Biometric Data Compliance and Defense team takes a multidisciplinary approach to support our clients by working closely with the firm’s privacy, data protection and information management, class action litigation defense, and insurance coverage lawyers to advise companies who collect, store and use biometric data about regulatory compliance, risk mitigation, and litigation defense.
K&L Gates serves as privacy counsel for regional, national and international companies with diverse privacy issues. We have the experience to advise clients on a range of issues and compliance matters, including:
- Defending Biometric Information Privacy Act suits.
- Complying with the Biometric Information Privacy Act and other similar legislation.
- Developing compliance programs for companies employing biometric systems in the United States and around the world.
- Biometrics-related insurance coverage issues.
We work with clients to:
- Identify whether biometric information is/was collected and for what purpose.
- Determine whether notice and consent requirements apply and whether existing processes satisfy those obligations.
- Institute administrative, logical, and/or physical restrictions to restrict the sale or other transfers-for-profit of biometric information.
- Confirm that the company’s security incident response policy addresses biometric information for those states in which biometric information is subject to data breach notification requirements.
- Verify that existing data retention and destruction policies include provisions that meet the requirements of the biometric act in a particular state.
- Check that current information security policies specifically consider the sensitivity of biometric information to ensure that the biometric information laws’ requirement of “reasonable care” is met.
- Ensure that adequate notice and consent processes are in place when biometric information is collected from employees.
- Negotiate appropriate provisions in contractual agreements with vendors, contractors, and other third parties to be compliant with biometric regulations.
We vigorously defend our clients while offering value by virtue of our extensive cross-disciplinary experience and cost-effective approach to litigation. We routinely offer our clients alternative fee arrangements in connection with these matters, including discounted and blended rates, flat-fee agreements, and incentive fee arrangements.
K&L Gates’ ability to defend our clients across the United States and around the world is enhanced by the geographic diversity of the firm’s offices and the resources its lawyers can bring to bear in complex matters.