. true
Find an Insurance Agent

Biometric Data Is Great for Business, As Long As It’s Used Properly

Jeff Weaver, Assistant Vice President, Management Liability Insurance 

By Jeff Weaver
Assistant Vice President, Management Liability Insurance

If you’ve ever opened your smartphone using your fingerprint or facial recognition, you’ve used a biometric identifier. This technology has become commonplace in the business world, with benefits like efficiency gains, reduced expenses, and more accurate data and analytics. 

Automated recognition technology captures and stores biometric data – physiological or behavioral information – for future verification, making it easier for employees to do things like access secured data and check-in and out of work. However, biometric data is widely acknowledged as sensitive and private, and state legislatures and regulators are increasingly interested in the usage of this information. Therefore you must stay informed about the rapidly evolving legal landscape and have procedures in place to reduce the risk of regulatory fines or damages.

Here are some actions you should consider taking, with the guidance of legal counsel:

1. Determine If Your Organization Is Collecting or Using Biometric Data

First, determine if your organization is collecting and/or using biometric data and, if so, from whom you are collecting the data.

2. Review the Biometric Laws and Regulations for Each State

Each state has varying laws and regulations regarding biometric data collection. No comprehensive federal law currently exists for biometric data, so it’s essential to know whether and how a state regulates the data you capture or use to help ensure compliance.

3. Ensure Legal Compliance

If your organization is legally required to provide notice and receive consent for collecting and using biometric data, have policies in place and take action to remain compliant. Even if your business isn’t legally required to provide notice and receive consent, consider whether and how you may choose to do so before collecting or using biometric data.

4. Review Vendor Agreements and Relationships

If you have partnered with any third parties, they may have access to or use your organization’s biometric data. Take steps to protect your organization, including ensuring that third parties’ security measures are sufficiently robust and that any agreements contain appropriate risk-transfer provisions.

5. Train Your Employees

Implement a comprehensive training program, so your employees understand how to handle biometric data.

Being proactive about acquiring and using biometric data is the best way to control your legal exposure.

About the Author

Jeff Weaver, Assistant Vice President, Management Liability Insurance, is responsible for all Management Liability Lines including Directors & Officers Insurance, Employment Practices Liability and Fiduciary liability, as well as Cyber Liability across the company.