Skip to Main Content
-

Biometric Data Compliance and Defense

As the use of biometric technologies continues to expand, companies should take stock to ensure compliance with laws and regulations, and seek to mitigate risk of disclosure of potentially sensitive biometric data and exposure to expensive and burdensome class action litigation.

We advise companies that collect, store, and use data, such as voice, face, and iris recognition, fingerprint identification, and hand geometry for individual authentication regarding regulatory compliance and risk mitigation. We take a multidisciplinary approach to support our clients by working closely with the firm’s privacy, data protection and information management, class action litigation defense, and insurance coverage lawyers to advise companies who may collect, store and use biometric data about regulatory compliance, risk mitigation, and litigation defense.

We vigorously defend our clients while offering value by virtue of our extensive cross-disciplinary experience and cost-effective approach. We routinely offer our clients alternative fee arrangements in connection with these matters, including blended rates, flat-fee agreements, and incentive fee arrangements.

Our ability to defend our clients across the United States and around the world is enhanced by the geographic diversity of the firm’s offices and the resources its lawyers can bring to bear in complex matters.

  • Institute administrative, logical, and physical restrictions to restrict the sale or other transfers-for-profit of biometric information.
  • Confirm that the company’s security incident response policy addresses biometric information for those states in which biometric information is subject to data breach notification requirements.
  • Verify that existing data retention and destruction policies include provisions that meet the requirements of the biometric act in a particular state.
  • Check that current information security policies specifically consider the sensitivity of biometric information to ensure that the biometric information laws’ requirement of “reasonable care” is met.
  • Ensure that adequate notice and consent processes are in place when biometric information is collected from employees.
  • Negotiate appropriate provisions in contractual agreements with vendors, contractors, and other third parties to be compliant with biometric regulations.
  • Assess whether companies collect or possess biometric information.
  • Determine whether notice and consent is required and prepare any necessary disclosures.
  • Develop compliance programs for companies outsourcing or employing biometric systems.
  • Confirm all required restrictions are placed on biometric data, including administrative, logical, and physical restrictions.
  • Modify document retention and destruction policies to include provisions that meet the requirements of the biometric laws.
  • Review provisions in contractual agreements with vendors, contractors, or other third parties to determine whether modifications are necessary to mitigate risk.
  • Review potentially applicable insurance policies to determine whether revisions are recommended in order to enhance coverage.
Additional Thought Leadership Pages
Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel