Illinois Biometric Information Privacy Act (BIPA)

The Illinois Biometric Information Privacy Act ("BIPA") aims to "regulate the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information". If your organization operates in Illinois or you have employees who are residents of Illinois, you need to comply with BIPA. You can read the full text of BIPA in the Illinois Compiled Statutes.

Noah Facial Recognition Pty Ltd ("NoahFace") is committed to privacy and provides you with extensive capabilities in the NoahFace App and Dashboard (collectively the "NoahFace Service") to help you comply with BIPA. However, it is important to note that if your organization uses the NoahFace Service you cannot rely on the capabilities of the NoahFace Service alone. You must ensure you configure and use the NoahFace Service appropriately to comply with BIPA and that you comply with the non-system requirements of BIPA. For example, you should update your employment agreements to cover the use of biometrics, ensure your premises and devices are physically secured, and update your own public privacy policy to cover the use of biometrics. Given the importance of privacy, you should obtain your own professional legal advice to ensure you are fully compliant.

The sections below detail the requirements of BIPA and explain how NoahFace provides you with capabilities in the NoahFace Service to help you comply with each of them.

Collection and Consent

Requirements

BIPA requires that: "No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information, unless it first:

  1. Informs the subject or the subject's legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored;
  2. Informs the subject or the subject's legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and  
  3. Receives a written release executed by the subject of the biometric identifier or biometric information or the subject's legally authorized representative."

Compliance

The NoahFace Service displays a written privacy statement which informs subjects that biometric data will be collected (before it is collected), the specific usage of the biometric data, and the length of term for which the biometric data will be stored.

If the privacy statement is accepted, the NoahFace Service will capture the subject's photo and extract their biometric data. If the privacy statement is not accepted, the subject can still use the NoahFace Service by manually identifying themselves using non-biometric methods (e.g., passcodes).

The date and time each subject accepts the privacy statement is recorded and can be viewed through the NoahFace Service.

[Screenshot: NoahFace App showing privacy consent.]

Retention and Destruction

Requirements

BIPA requires that: "A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first."

Compliance

NoahFace has a written privacy policy, made available on our public website (NoahFace Privacy Policy), which covers the retention and destruction of data, including biometric data.

In particular, the NoahFace Service will automatically destroy a subject's biometric data whenever either:

No Commercial Use

Requirements

BIPA requires that: "No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or biometric information."

Compliance

NoahFace does NOT sell, lease, trade, or otherwise profit from biometric data.

No Disclosure

Requirements

BIPA requires that: "No private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or a customer's biometric identifier or biometric information [unless required to legally]".

Compliance

NoahFace does NOT disclose, redisclose, or otherwise disseminate biometric data.

Data Protection

Requirements

BIPA requires that: "A private entity in possession of a biometric identifier or biometric information shall:

  1. Store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity's industry; and
  2. Store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information."

Compliance

NoahFace has designed data protection into the core of the NoahFace Service. In particular:

© NoahFace 2018