New York Introduces Its Own Version of Illinois’ BIPA
By GRSMCyberPrivacyTeam on January 12, 2021
In 2010, Illinois passed the Biometric Information Privacy Act, leading to over one thousand class action complaints between the years 2015 and 2020, alone. On January 6, 2021, the New York state legislature introduced Assembly Bill 27, titled the New York Biometric Privacy Act (“BPA”), which is a carbon copy version of the Illinois law.
New York’s BPA proposes to prohibit private entities from capturing, collecting, or storing a person’s biometrics without first implementing a policy and obtaining the person’s written consent. The New York BPA would provide for the identical remedies as the Illinois version, specifically, a private right of action with the ability to recover $1,000 for each negligent violation, $5,000 for each intentional or reckless violation, along with reasonable attorneys’ fees and costs.
While New York’s BPA is only proposed, if the language of the bill remains unchanged, New York companies can expect a similarly heavy flow of litigation. Companies operating in New York that utilize data that at all resembles biometric data should consider immediate steps towards prospective compliance. Companies should be auditing their practices and begin to develop written procedures so that, in the event New York’s BPA passes as written, exposure is limited from the outset. The language of the bill provides that the BPA shall take effect ninety (90) days after becoming law. We will continue to monitor the progress of the proposed legislation as it moves through the Assembly and the Senate.