Justin Kay Comments on the Anticipated Increase of State Breach Laws for Biometric Data

Chicago partner Justin Kay spoke with Legaltech News about the anticipated increase of state breach laws for biometric data in the article, “Few State Breach Laws Include Biometrics, but That Could Soon Change.”

The legal industry publication reports that only 16 states—Arizona, California, Colorado, Delaware, Illinois, Iowa, Louisiana, Maryland, Nebraska, New Mexico, New York, North Carolina, South Dakota, Washington, Wisconsin and Wyoming—require notification if a resident’s fingerprint or other biometric information is breached, but that several states have gone beyond amending their data breach notification laws to enacting laws specifically regulating the collection.

Kay added that San Francisco and Oakland, California, and Somerville, Massachusetts, have banned local authorities from using facial recognition technology over concerns regarding identification accuracy and to protect residents’ privacy.

Legaltech News reports that while biometric data is only listed in roughly one-third of the nation’s data breach notification laws, industry professionals say that more states may add the term to their law given the increasing number of high-profile data breaches that are grabbing the public’s interest.

“There’s a lot of interest around it and not all of the news about it has been good and I think when you combine all those factors, it’s a good storm for more legislation,” Kay said.