Here are some actions you should consider taking, with the guidance of legal counsel:
1. Determine If Your Organization Is Collecting or Using Biometric Data
First, determine if your organization is collecting and/or using biometric data and, if so, from whom you are collecting the data.
2. Review the Biometric Laws and Regulations for Each State
Laws and regulations regarding biometric data collection vary from state to state. No comprehensive federal law currently exists for biometric data, so it’s essential to know whether and how a state regulates the data you capture or use to help ensure compliance.
3. Ensure Legal Compliance
If your organization is legally required to provide notice and receive consent for collecting and using biometric data, have policies in place and take action to remain compliant. Even if your business isn’t legally required to provide notice and receive consent, consider whether and how you may choose to do so before collecting or using biometric data.
4. Review Vendor Agreements and Relationships
If you have partnered with any third parties, they may have access to or use your organization’s biometric data. Take steps to protect your organization, including ensuring that third parties’ security measures are sufficiently robust and that any agreements contain appropriate risk-transfer provisions.
5. Train Your Employees
Implement a comprehensive training program so your employees understand how to handle biometric data.
Being proactive about acquiring and using biometric data is the best way to control your legal exposure.
About the Author
Jeff Weaver, Assistant Vice President, Management Liability Insurance, is responsible for all Management Liability Lines, including Directors & Officers Insurance, Employment Practices Liability and Fiduciary Liability, as well as Cyber Liability across the company.