We have discussed the Fifth Amendment’s application to encryption and biometric information in the past. So now, the purpose of this article is to discuss biometric privacy laws. The State of Illinois has already passed several pieces of legislation to regulate biometric privacy laws. For example, it has passed the Biometric Information Privacy Act (“BIPA”) which addresses the protective measures of biometric information. The statute defines biometric information as “any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.” It defines a biometric identifier as follows:
A retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include donated organs, tissues, or parts as defined in the Illinois Anatomical Gift Act or blood or serum stored on behalf of recipients or potential recipients of living or cadaveric transplants and obtained or stored by a federally designated organ procurement agency. Biometric identifiers do not include biological materials regulated under the Genetic Information Privacy Act. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. Biometric identifiers do not include an X-ray, roentgen process, computed tomography, MRI, PET scan, mammography, or other image or film of the human anatomy used to diagnose, prognose, or treat an illness or other medical condition or to further validate scientific testing or screening.
However, these rules seem to miss the mark by imposing statutory damages and fee-shifting provisions on commercial organizations. As a result, the legislators have opened the floodgates to class action lawsuits. It is important to note that biometric technology has evolved in recent years and the statutes that have attempted to regulate the technology may be outdated. Also, the recently-developed biometric equipment are capable of transforming the biometric identifier into an encrypted format which makes it unreadable or unidentifiable. Therefore, this kind of advanced technology prevents the anticipated harm, and as such, the statutory provisions should be updated by the lawmakers.