Maryland and Mississippi lawmakers consider biometric data protection bills

The Maryland state legislature introduced a Biometric Data Protection Act as one of several state steps toward increased privacy regulation.

HB 33 entitled “Commercial Law – Consumer Protection – Biometric Data Privacy”, which was discovered by DataGuidance and passed its first reading, would require private companies holding biometric data , develop and publish policies, establish a retention schedule and, within specific policies, timeframes for data destruction. There are exceptions to the policy requirements for organizations that only use employee biometrics or for internal operations.

Photographs and sound recordings in themselves do not count as biometric data.

Consent must be obtained, be it in written or digital form, and restrictions would apply to the disclosure or sale of biometrics. Data storage and transmission would have to meet a number of security requirements.

The provision of a service cannot be made dependent on the provision of biometric data, unless the service cannot be provided without it.

A private right of action is included, and the rules would also be enforceable under the Maryland Consumer Protection Act.

Public sector bodies are not covered by the law.

Mississippi introduces biometrics law

The Mississippi state legislature introduced the Biometric Identifiers Privacy Act to regulate the collection and use of biometric information by private sector companies.

HB 467 would require private organizations to develop and publish policies for the biometric data they hold, including a retention schedule and data destruction policy.

The “Biometric Identifier Privacy Protection Act” would also require written consent from the biometric data subjects. Employee biometrics can be collected, but with limitations, e.g. B. Regarding the retention of data that could be used to track them.

Individuals or their legal representatives can also request information about what biometric data is stored about them, where the data came from, what it was used for, whether it was passed on to third parties and, if so, who these third parties are.

Instead of granting individuals or the Attorney General a right to sue under the statute, both may sue under the proposed law.

Who should be involved in enforcement action has been one of the bones of contention in proposed state biometric protection legislation, with some following Illinois in allowing private action. Some state bills, like Colorado’s, meanwhile, are focused on restricting facial recognition.

If passed, the law will come into force in mid-2023.

Meanwhile, Nebraska lawmakers are considering the Privacy Protection Act, which would limit the collection of personal information by public bodies.

Article Topics

biometric identifiers | Biometrics | Privacy Policy | digital identity | Legislation | Regulation | United States

Leave a Reply

Your email address will not be published. Required fields are marked *

| |
Back to top button