May 07

U.S. States Enact BIPA: Legal Framework for Biometric Information Privacy

  • Danny Thakkar
  • Future of Biometrics, Privacy

Before the inception of online services, brick-and-mortar stores and outlets did the job of facilitating them offline, i.e. in physical mode. To buy a product or avail a service, you had to visit a store, outlet, or other physical location. These businesses collected (and still collect) the personal details of their customers that were required to provide a service. In the offline era, the information you left behind was more or less used for contacting or identifying you regarding the service, no strings attached. Back then, there was no legal framework governing how businesses would use this information. But times have changed: services have gone digital, and many of them no longer have a physical presence. Users' personal data has become a weapon of dominance in the market.

Bigger corporations that provide online services are collecting more information than ever, infringing on user privacy to an unacceptable level. They know your favourite smartphone brand and even the brand of food your cat likes, if you ever bought or searched for them online. This activity is made legal by the Privacy Statement and Terms & Conditions that we accept with a click before buying or signing up for a service.

Data driven economy: user privacy at stake

Reaching physical stores or outlets now sounds like a cumbersome task, as most things can be done via the internet. Online services are no longer limited to sending email, voice calling or instant messaging. Shopping, food, payments, banking, government citizen services, etc. have already established an online presence. Availing a service requires users to provide some personal data such as name, date of birth, phone number or email address. Despite the diversity of services available online, most of them have one thing in common: they collect user data and use it for their own benefit. Service providers can leverage user data in many ways. Tech firms like Google and Facebook use it for personalized advertising. They may provide this data to their associates for their own purposes, increasing the severity of outcomes. Some of them may even sell it to third parties.

These days, data provided offline (e.g. on paper-based forms, documents, etc.) also ends up on information systems and eventually the internet. Data provided by users or generated by their online activity is a valuable asset for tech firms. Firms with high volumes of user data dominate the market. Digital service providers add disclaimers and terms and conditions to make their actions legal. Users, however, hardly bother to read the associated Terms and Conditions; their consent is taken with a simple click. This ignorance does not make the Terms and Conditions or Privacy Statement text any less severe. Your single click on the “Accept” button enables a service provider to use (or misuse) your personal data with legal authority.

User privacy in biometric era

As businesses increasingly implement biometric recognition technology for authentication, user biometrics has become a potential target of data collection. Many firms are keenly interested in collecting user biometrics. Collection of user data in the past formed today’s tech giants like Google and Facebook; collection of user biometrics can have a similar fate for the companies holding the most biometric data. Biometrics is unlike any other form of user data. When passwords are used as the user authentication method, they are saved within a service provider’s system in a format that is hard for hackers or criminals to decipher. Even if they are able to decode passwords, the passwords can be changed at the user end. Biometrics, however, is a different story. You can change your phone number, email address or even password, but not your fingerprints or iris pattern. This fact alone is enough to imagine what the cost of losing biometric data can be.

Biometrics has received its due acceptance in recent years, and commercial applications of this technology are taking over the market. Organizations that leverage user biometrics for authentication are required to store biometric data in a secure environment. Service providers have been doing the same with passwords for many years, and despite their efforts, data security incidents take place. This also raises concerns about the security of biometric data. The issue of privacy gets complicated when it comes to biometrics. Present privacy law is insufficient to protect users' biometric data. The issue of biometric information privacy is not limited to online services; biometric data of students in K-12 schools, employee data collected by employers, biometric data of patients, members of various outfits, etc. further intensify the need for a legal framework for the collection and use of biometric data.

Why is a law for biometric information privacy required?

Biometrics is going to be the next big thing in user identification and authentication. Payment authentication with a selfie, voice authentication for tele-banking and fingerprint scans to print boarding passes at airports are already a reality. Biometrics is inevitable and is going to replace traditional ways of user authentication completely at some point in time. Since biometrics is far more efficient and easier to use than traditional authentication methods, its usage has already exploded in commercial applications. This will lead to the collection of a huge volume of user biometrics by businesses and institutions. The fate of user biometrics cannot be left without legislation to protect it.

Since a person’s biometrics cannot be changed if compromised, it poses a greater risk than all other forms of data and requires a specific law to be framed for protecting biometric data. Soon most systems will be using biometrics for personal identification and authentication, so losing biometric data can be disastrous. Though it is not possible to recreate users' original biometric patterns from biometric templates, the possibility cannot be entirely ruled out. It would lead to biometric identity theft and fraudulently authenticated transactions.

U.S. states are actively enacting BIPA

Image: Biometric privacy in the United States, with biometric privacy laws in green and failed biometric privacy bills in orange (Source: Bloomberg BNA Research)

The permanence of a biometric identifier is considered a favourable characteristic of the technology; however, it becomes a threat if the biometric data is compromised. More and more businesses are taking up biometrics for user identification. Social networks are using face biometrics to recognize users in the photos they post. This level of intrusion grabbed the attention of privacy advocates and eventually paved the way for biometric information privacy law. Since commercial outfits, especially those in the information technology business, collect far more user data, the fate of biometric data was highly uncertain without a legal framework to protect it.

Understanding the criticality of the subject matter, U.S. states are enacting the Biometric Information Privacy Act to fill the gap that has remained in current user data privacy laws. Since the usage of user biometrics was only loosely framed in previous laws, a law like BIPA was long awaited. BIPA was required to ensure companies do not collect and use biometric data in ways that compromise an individual’s right to privacy.

Illinois passed the Biometric Information Privacy Act (740 ILCS 14/1 or BIPA) in 2008. Texas also codified the law for capture or use of biometric identifier (Tex. Bus. & Com. Code Ann. §503.001) in 2009. Following the trend, the Governor of Washington State signed into law House Bill 1493 (“H.B. 1493”) on May 16, 2017, which sets forth requirements for businesses that collect and use biometric identifiers for commercial purposes.

Illinois Biometric Information Privacy Act, 740 ILCS 14/1 states the criticality of biometric data:
“Biometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”

BIPA is also underway in several other states, leading the way to covering the whole country in future; however, there is no timeline as yet. Users can breathe a sigh of relief as states enact BIPA; technology firms, however, do not look too happy about it. They want more control over how they use user data, including biometrics. Aggressive lobbying by companies interested in gathering user biometrics has delayed the implementation of BIPA in many states.

Conclusions

If you lose your government ID, it can be cancelled and a new one can be issued by the concerned department. This reissuance is not possible with biometric data: if it is compromised once, it is compromised forever. Biometric data is a handle-with-care case. The Biometric Information Privacy Act is expected to make a difference in how commercial outfits collect and use biometric data. The bill has been implemented in some states and is underway in several others. Businesses are not at all in favour of this law and are lobbying to make it more favourable for them, as they want more control over users’ biometric data. BIPA, however, is expected to be implemented across the United States gradually, paving the way to user privacy.

About The Author

Danny Thakkar is Senior Product Manager at Bayometric, one of the leading biometric solution providers in the world. He has helped large organizations like Pepsi, America Cares, Michigan State and many other medium and small businesses achieve their identity management needs. He has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals. Currently, he is chief evangelist for Touch N Go and blogs regularly at www.bayometric.com and www.touchngoid.com.
