White Paper

Best Practices for Responding to State Biometric Regulations

In response to state regulations governing the use of biometrics, retail and hospitality operators are reviewing and updating their policies to comply with evolving privacy mandates.

The good news is that addressing compliance requirements with state biometric regulations is well within the reach of most companies.

There are some common-sense steps that retailers and hospitality operators must take as part of their employee facing biometric deployments. It all starts with a cohesive, documented plan and proper communications.

Before collecting a person’s biometric information, you should first:

  • Indicate if the biometric enrollment is voluntary or involuntary; and if voluntary what is the alternative process;
  • Provide the person with a detailed written policy that includes the specific purpose for and how the data will be collected, length of time for which their biometric information is being stored, retained, used and destroyed;
  • Require a signed consent before collecting the data; and
  • Document and implement a security protocol to protect the data.
If you are a retail or hospitality operator interested in applying best practices to your biometric programs, we would be able to help.

As a reference, we offer an example disclosure that can provide a good start in your company’s compliance review. Although these examples are based on BIPA and other state regulations, you will need to review them with your counsel and tailor them to your particular state regulatory requirements.