Menu Close

Maryland and Mississippi lawmakers consider biometric data protection bills

Maryland’s state legislature has introduced a biometric data privacy act, in one of several moves at the state level towards increasing data privacy regulation.

HB 33, titled ‘Commercial Law – Consumer Protection – Biometric Data Privacy’ and spotted by DataGuidance, has passed its first reading, would require private entities that hold biometric data to develop and publish policies, establish a retention schedule and data destruction guidelines within certain timeframes. There are exceptions to the policy requirements for businesses only using biometrics from employees or for internal operations.

Photographs and audio recordings do not, in and of themselves, count as biometric data.

Consent must be collected, whether in written or digital form, and restrictions would be applied to disclosing or selling biometric data. Data storage and transmission would have to meet a set of security requirements.

Providing a service can also not be made conditional on supplying biometric data, unless the service cannot be delivered without it.

A private right of action is included, and the rules would also be enforceable through the Maryland Consumer Protection Act.

Public sector entities are not covered under the act.

Mississippi introduces biometrics act

Mississippi State Legislature has introduced the Biometric Identifiers Privacy Act to regulate the collection and use of biometrics by private sector entities.

HB 467 would require private organizations to develop and publish policies for the biometric data they hold, including a retention schedule and data destruction policy.

The ‘Biometric Identifiers Privacy Act’ would also require written consent from biometric data subjects. Employee biometrics can be collected, but with restrictions, such as on the retention of data that could be used to track them.

Individuals or their legal representatives can also demand information about what biometrics of theirs are held, the source of the data, what it has been used for, whether it was disclosed to any third parties, and if so who those third parties are.

Rather than placing a right of action under the act with either individuals or the State Attorney General, both will be able to sue under the proposed law.

Who should be involved in enforcement actions has been one of the points of division in proposed state laws on biometric data privacy, with some following Illinois in allowing private action. Some state bills, meanwhile, like Colorado’s, focus on restricting facial recognition.

If passed, the law will come into effect halfway through 2023.

Nebraska legislators, meanwhile, are considering the Personal Privacy Protection Act, which would restrict the collection of personal information by public agencies. Maryland’s state legislature has introduced a biometric data privacy act, in one of several moves at the state level towards increasing data privacy regulation.

HB 33, titled ‘Commercial Law – Consumer Protection – Biometric Data Privacy’ and spotted by DataGuidance, has passed its first reading, would require private entities that hold biometric data to develop and publish policies, establish a retention schedule and data destruction guidelines within certain timeframes. There are exceptions to the policy requirements for businesses only using biometrics from employees or for internal operations.

Photographs and audio recordings do not, in and of themselves, count as biometric data.

Consent must be collected, whether in written or digital form, and restrictions would be applied to disclosing or selling biometric data. Data storage and transmission would have to meet a set of security requirements.

Providing a service can also not be made conditional on supplying biometric data, unless the service cannot be delivered without it.

A private right of action is included, and the rules would also be enforceable through the Maryland Consumer Protection Act.

Public sector entities are not covered under the act.
Mississippi introduces biometrics act
Mississippi State Legislature has introduced the Biometric Identifiers Privacy Act to regulate the collection and use of biometrics by private sector entities.

HB 467 would require private organizations to develop and publish policies for the biometric data they hold, including a retention schedule and data destruction policy.

The ‘Biometric Identifiers Privacy Act’ would also require written consent from biometric data subjects. Employee biometrics can be collected, but with restrictions, such as on the retention of data that could be used to track them.

Individuals or their legal representatives can also demand information about what biometrics of theirs are held, the source of the data, what it has been used for, whether it was disclosed to any third parties, and if so who those third parties are.

Rather than placing a right of action under the act with either individuals or the State Attorney General, both will be able to sue under the proposed law.

Who should be involved in enforcement actions has been one of the points of division in proposed state laws on biometric data privacy, with some following Illinois in allowing private action. Some state bills, meanwhile, like Colorado’s, focus on restricting facial recognition.

If passed, the law will come into effect halfway through 2023.

Nebraska legislators, meanwhile, are considering the Personal Privacy Protection Act, which would restrict the collection of personal information by public agencies.  Read More   

Generated by Feedzy

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.  

Close Bitnami banner
Bitnami