The Illinois Biometric Information Privacy Act ("BIPA") aims to “regulate the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information”. If your organization operates in Illinois or you have employees that are residents of Illinois, you need to comply with BIPA. You can read the full text of BIPA in the Illinois Compiled Statutes.
The sections below detail the requirements of BIPA and explain how NoahFace provides you with capabilities in the NoahFace Service to help you comply with each of them.
BIPA requires that: "No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information, unless it first:
The NoahFace Service displays a written privacy statement which informs subjects that biometric data will be collected (before it is collected), the specific usage of the biometric data, and the length of term for which the biometric data will be stored.
If the privacy statement is accepted, the NoahFace Service will capture the subject's photo and extract their biometric data. If the privacy statement is not accepted, the subject can still use the NoahFace Service by manually identifying themselves using non-biometric methods (eg: passcodes).
The date and time each subject accepts the privacy statement is recorded and can be viewed through the NoahFace Service.
BIPA requires that: "A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first."
In particular, the NoahFace Service will automatically destroy a subject's biometric data whenever either:
BIPA requires that: "No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or biometric information."
NoahFace does NOT sell, lease, trade, or otherwise profit from biometric data.
BIPA requires that: "No private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or a customer's biometric identifier or biometric information [unless required to legally]".
NoahFace does NOT disclose, redisclose, or otherwise disseminate biometric data.
BIPA requires that: "A private entity in possession of a biometric identifier or biometric information shall:
NoahFace has designed data protection into the core of the NoahFace Service. In particular: