Insurance companies are becoming more cautious about coverage for businesses that collect and store biometric data, in light of recent biometric privacy legislation and judicial action.
Here are the relevant laws – and some suggested best practices – businesses should be paying attention to.
What is biometric information?
Biometrics are physical characteristics – such as retina or iris patterns, fingerprints, or facial features – that can be used for quick, automated identification. Increasing numbers of stores, airports and arenas are now collecting or exploring how to collect biometric information from consumers, according to a recent policy statement from the Federal Trade Commission. Companies also are collecting this information from employees to track time and attendance and to secure access to company devices and networks.
What should businesses know about biometric privacy laws?
In 2008, Illinois instituted a landmark Biometric Information Privacy Act, in response to Chicago being used as a biometric technology testing location for financial transactions. The primary concern was that, unlike a Social Security number, a fingerprint or other biometric identifier cannot be changed if it is compromised. The law not only requires the receipt of a written release from anyone whose information is being collected, but it also gives people the right to take legal action if their privacy is violated.
This year, the Illinois Supreme Court issued a ruling that has major implications for businesses in violation of the state’s privacy act: In Cothron vs. White Castle System, Inc., a case alleging that White Castle repeatedly collected employee fingerprints and disclosed that information to a third party without employee consent, the Illinois Supreme Court said a new claim accrued under the Biometric Information Privacy Act every time an employee’s biometric information was scanned or transmitted – not just upon the initial scan. White Castle estimated the decision could cost the company more than $17 billion in damages.
Outside of Illinois, both Washington and Texas have passed their own biometric privacy laws, and several other state legislatures were considering similar laws earlier this year, according to the 2023 State Biometric Privacy Law Tracker from Husch Blackwell.
What are insurers doing in response?
Right now, there is no standard response from insurance companies when dealing with businesses that collect biometric information.
Some are including outright exclusions in employment practices liability policies, meaning there is no coverage if employees file lawsuits alleging biometric privacy violations. Other companies are asking businesses that use biometric data to fill out questionnaires confirming:
- They have a policy in place that addresses the Biometric Information Privacy Act
- There are written policies that address the retention and destruction of biometric information
- The company has a written consent and a release from each employee
- Employees are required to sign an arbitration agreement that includes a class action waiver
It’s important to note that these new exclusions and questionnaires are being extended to businesses that are domiciled in states that don’t yet have privacy acts in place.
How can Schauer Group help?
The team at Schauer Group can:
- Provide updated information about the best practices insurance companies are looking for when it comes to biometric information
- Help your business find a trusted legal partner to provide additional guidance about adhering to the regulations in the states where your business operates
- Evaluate your existing insurance policies to make sure they are not excluding for biometric information
If you have questions, or if you’d like to discuss further, please reach out to your Schauer Group advisor.
About Schauer Group
Schauer Group, Inc. is an independently owned insurance and risk management advisory firm, providing risk management, business insurance, human capital services, employee benefits, contract surety, and personal insurance to clients nationwide. With an industry-leading 95 percent client retention rate, Schauer Group is committed to attracting and developing the region’s top talent and giving back to the communities where associates live and work.
Note: This communication is for informational purposes only. It is not intended to be construed as legal or financial advice and should not be relied on as such. No material contained within this website should be construed or relied upon as providing recommendations in relation to any specific legal, financial, investment, or insurance product. Before making any commitment of a legal, financial, investment, or insurance nature, you should seek advice from a qualified and registered practitioner or adviser who can appraise your specific needs. Schauer Group, Inc. disclaims any and all liabilities incurred as a result of reliance upon the information presented herein.
- Federal Trade Commission | Policy Statement of the Federal Trade Commission on Biometric Information and Section 5 of the Federal Trade Commission Act
- SHRM | The Future of Biometrics in the Workplace
- Illinois General Assembly | Biometric Information Privacy Act
- Illinois Supreme Court | Latrina Cothron, Appellee, V. White Castle System, Inc., Appellant
- Husch Blackwell | 2023 State Biometric Privacy Law Tracker
© 2023 Schauer Group. All Rights Reserved.