A bipartisan group of New York state lawmakers recently introduced privacy legislation that would impose new obligations on businesses related to biometric identifiers and biometric information. The Biometric Privacy Act (“New York BIPA”), introduced on January 6, would limit how companies can collect or disclose biometric identifiers and biometric information, notice and consent to persons whose data is collected, security measures for the storage of such data, and private rights of action. Employers would not be exempted from these requirements, and businesses would only have 90 days to bring themselves into compliance if the proposed law passes. If the law does take effect, New York would be the fourth state to pass such legislation, joining the ranks of Illinois, Texas, and Washington. While the law still is a long way from passing – in fact, this is the fourth biometric privacy bill introduced by New York lawmakers since 2018, with all prior bills having failed – the risks for employers who are non-compliant with the law would be high. For this reason, we recommend all companies doing business in New York pay attention to this proposal and familiarize yourself with this legislation. Here is what you need to know about this potential New York law.
In 2018, the California legislature enacted the California Consumer Privacy Act (“CCPA”), which went into effect on January 1, 2020 but was amended six times before it even took effect. Concerned that amendments have weakened the CCPA and that consumers still do not understand how their personal information is being used by businesses, proponents of the CCPA have proposed a ballot initiative for the November 2020 ballot titled the California Privacy Rights Act of 2020 (“CPRA”)—colloquially known as CCPA 2.0.