Biometric privacy and tougher biometric privacy laws are a serious risk to American businesses. Unfortunately, biometric privacy risks are obscure and poorly understood.
Biometrics refers to the use of a person’s biological or physical characteristics as a means of identification. For example, a fingerprint scanner identifies a person via fingerprints.
Currently, fingerprints are the most common form of biometric identification, but systems relying on other biological indicators are being introduced. For instance, Sthaler’s Fingopay identifies people by scanning the veins in a person’s fingers.
Biometric privacy risks
Biometric privacy laws and the litigation they can generate are the biggest risks associated with the technology.
Alphabet Inc., Google’s parent company, faced a class-action suit based on the American state of Illinois’s Illinois’ Biometric Privacy Information Act (BIPA), Illinois Policy reports. The suit alleged Google violated the BIPA by creating templates from the faces of photographs of its products’ users.
The suit claimed the plaintiff’s faces were private property that Alphabet used without the owners’ permission. Although, Google won the dismissal, similar lawsuits against Facebook and Snapchat are still pending.
Biometric privacy laws risks
The BIPA, passed in 2008, makes the collection of biometric information without owners’ permission a crime. Specifically, companies can face a $1,000 to $5,000 fine and lawsuits for violating the act.
Moreover, the BIPA requires companies to “securely” store biometric data and destroy old or unused biometric data. For instance, a company will have to destroy an employee’s biometric data if the person quits.
Tellingly, lawyers have sued several companies including Shutterfly, Alphabet, and amusement park operator Six Flags for violating the Illinois BIPA. However, there have been no clear court rulings the BIPA’s legality or constitutionality.
Just three US states, Illinois, Texas, and Washington have biometric privacy laws.
Legislators have proposed biometric privacy laws in several other states. For instance, state bill SD.341 in Massachusetts will regulate the collection and storage of biometric information if it becomes law. SD.341’s text classifies iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, as biometric information.
Hence, anybody could sue a Massachusetts business for improper use of biometric data – if SD.341 becomes law. An employee could sue a business if criminals steal or misuse her biometric data from it, for instance.
Thus, courts can hold a business liable for losses resulting from the misuse of biometric data. An example of such a loss is a thief using a copy of somebody’s fingerprint to gain access to a building or a bank account.
Interestingly, biometric data itself could have commercial value. Health insurers and drug companies could use biometric data in research. Plus, faces could have commercial value in artwork or movies. An actor like Samuel L. Jackson could demand an appearance fee if a company tries to use a biometric scan of his face in advertising.
Insurers must address biometric privacy
Insurers will need to address biometric privacy with new kinds of coverage.
The most obvious example of such products is a liability insurance policy for companies that collect or store biometric information. Insurers can sell such a policy directly to biometric users or issue policies to biometric device manufacturers.
The market for biometric data policies will grow as the use of biometric data grows. Specifically, MasterCard is developing a credit or debit card that contains a biometric fingerprint scanner.
Therefore, the risk of criminals using biometrics to gain access to accounts will grow. Obviously, the need for insurance to protect organizations from biometrics risks will grow with the technology.
The biometric privacy laws in the United are one of many risks biometrics creates for business. Such laws and lawsuits will create many opportunities for insurers to create new policies related to biometrics technology.