We’ve looked in our series to what companies should do when collecting biometric information, and now we turn to issues around sharing biometric information. The three states which have thus far enacted specific biometric privacy legislation—Illinois, Texas, and Washington—each place restrictions upon the sharing of biometric information. Illinois has imposed a blanket prohibition upon the sale of biometric information. The information may be shared if needed to complete a financial transaction authorized by the individual, if required by law, or, if the individual provides consent, for any other purpose.
The Texas law allows both sale and sharing of biometric data if needed to complete a financial transaction authorized by the individual, if required by law, or, if the individual provides advance consent, for the specific purpose of identification in case of death or disappearance. Washington’s law is the most liberal. It allows sharing and sale for any purpose if the individual consents. Absent consent, the information may still be shared or sold in a variety of circumstances, such as when necessary to complete a transaction or provide a service or product requested by the individual, when required by law or for use in judicial proceedings, or when sold to or shared with a third party who promises to use it in a way consistent with original notice and not to share it further.
Putting it Into Practice: Does your company share biometric data? Have you considered the restrictions that may be in place in Illinois, Texas, or Washington?