Emerging Biometric Data Risks

Similar documents
Biometric Information Privacy Act Litigation Explosion

Biometrics: New Laws and Potential Litigation Implications

Expert Q&A on Biometrics in the Workplace: Recent Developments and Trends

Biometrics in the Workplace. The Promise and Peril of It s Use

2017 IL App (2d) No Opinion filed December 21, 2017 IN THE APPELLATE COURT OF ILLINOIS SECOND DISTRICT

I. FACIAL RECOGNITION TECHNOLOGY: THE ABILITY TO PERSONALLY IDENTIFY SOMEONE FROM A PHOTOGRAPH

Rivera et al v. Google, Inc. Doc. 60

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION ) ) ) ) ) ) ) ) ) MEMORANDUM OPINION AND ORDER

Case: 1:16-cv Document #: 1 Filed: 03/04/16 Page 1 of 16 PageID #:1 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF ILLINOIS

Case: 1:17-cv Document #: 1 Filed: 08/18/17 Page 1 of 13 PageID #:1

Case 3:15-cv JD Document 294 Filed 02/26/18 Page 1 of 10 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA

PRESENTATION TITLE. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

The Journal of the Antitrust, UCL and Privacy Section of the State Bar of California

This tutorial also provides a glimpse of various security issues related to biometric systems, and the comparison of various biometric systems.

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF ALASKA ORDER RE MOTION TO DISMISS

BRIEF AMICUS CURIAE OF INTERNET ASSOCIATION IN SUPPORT OF THE APPELLEES

Case 3:15-cv JD Document 285 Filed 01/26/18 Page 1 of 33

Why Biometrics? Why Biometrics? Biometric Technologies: Security and Privacy 2/25/2014. Dr. Rigoberto Chinchilla School of Technology

Case: , 12/07/2018, ID: , DktEntry: 31-1, Page 1 of 74 REDACTED VERSION OF DOCUMENT FILED UNDER SEAL. No

Research Article. ISSN (Print)

ROBBINS GELLER RUDMAN & DOWD LLP. Counsel for In re Facebook Biometric Info. Plaintiffs and the Putative Class IN THE UNITED STATES DISTRICT COURT

Recommended Practice 1701 l

E-FILED 9/18/ :17 AM Carolyn Taft Grosboll SUPREME COURT CLERK. SUBMITTED Megan O'Brien - 9/18/ :17 AM

Hong Kong General Chamber of Commerce Roundtable Luncheon 13 April 2016 Collection and Use of Biometric Data

[To be published in THE GAZETTE OF INDIA, EXTRAORDINARY, Part II, Section 3, Sub-section (i) of dated the , 2011]

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA

Biometrics from a legal perspective dr. Ronald Leenes

CPSC 467b: Cryptography and Computer Security

FOIA Exemptions 6 & 7C Personal Privacy Exemptions

1/10/12. Introduction. Who are you?? Person Identification. Identification Problems. How are people identified?

Case: 1:16-cv Document #: 1-1 Filed: 03/04/16 Page 1 of 1 PageID #:17 CIVIL COVER SHEET

Consumer Attitudes About Biometric Authentication

Data Breach Charts. November 2017

4/2/14. Who are you?? Introduction. Person Identification. How are people identified? People are identified by three basic means:

LATEST IN BIOMETRIC TECHNOLOGY IN THE SERVICE OF TRAVEL SECURITY. Presented By: Cristian Morosan - University of Houston

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA

Case: 1:17-cv Document #: 40 Filed: 05/31/18 Page 1 of 38 PageID #:467

Introduction to Health Insurance Portability and Accountability Act (HIPAA): How It Affects Law Enforcement. Prepared by:

LEGISLATION. The "BIOMETRIC AND SOCIAL SECURITY NUMBER RELIGIOUS EXEMPTION ACT"

THE GENERAL ASSEMBLY OF PENNSYLVANIA HOUSE BILL

FOIA Exemptions 6 & 7C Personal Privacy Exemptions

No IN THE United States Court of Appeals for the Ninth Circuit

IN THE ILLINOIS SUPREME COURT

No IN THE SUPREME COURT OF ILLINOIS

PRIVACY IMPLICATIONS OF BIOMETRIC DATA. Kevin Nevias CISSP, CEH, CHFI, CISA, CISM, CRISC, CGEIT, CCNA, G /20/16

Standing After Spokeo What does it mean for an injury to be concrete?

Case: Document: 31 Filed: 11/17/2016 Pages: 18. No IN THE UNITED STATES COURT OF APPEALS FOR THE SEVENTH CIRCUIT

Biometrics & Accessibility

Law Enforcement Access to Patients and Information

International Biometrics & Identification Association

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA

Virtual Reality, Augmented Reality & Biometric Data after 2017

Opinion 3/2012 on developments in biometric technologies

CRS Report for Congress

State Data Breach Laws

SUPREME COURT OF THE UNITED STATES

SUMMARY INTRODUCTION. xiii

Security Breach Notification Chart

THE KEYLESS SOCIETY. Reading Practice

SCHWARTZ & BALLEN LLP 1990 M STREET, N.W. SUITE 500 WASHINGTON, DC

Case: 1:16-cv Document #: 207 Filed: 12/29/18 Page 1 of 28 PageID #:<pageid>

E-FILED 9/18/ :27 AM Carolyn Taft Grosboll SUPREME COURT CLERK. SUBMITTED Gary Miller - 9/18/ :27 AM

'Injury In Fact' Standing After Cambridge Analytica

Health Information Privacy Code 1994

Emergence of multimodal biometrics at the Border Biometrics Institute Asia-Pacific Conference

for fingerprint submitting agencies and contractors Prepared by the National Crime Prevention and Privacy Compact Council

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER U.S. CUSTOMS AND BORDER PROTECTION DEPARTMENT OF HOMELAND SECURITY

Biometrics how to put to use and how not at all?

The Open Biometrics Initiative and World Card

Machine Readable Travel Documents: Biometrics Deployment. Barry J. Kefauver

Case 1:15-cv JGK Document 74 Filed 01/30/17 Page 1 of 51

Biometric Technology for DLID

Privacy Developments: Private Litigation, Enforcement Actions, Legislation, and Administrative Actions

INTERPOL s face programme for a safer world. Mark Branchflower Monday 17th March 2014

Biometric Authentication

Kane County Local Rule

STATE OF ILLINOIS ILLINOIS STATE POLICE ADAM WALSH CHILD PROTECTION ACT USER AGREEMENT BETWEEN THE ILLINOIS STATE POLICE AND

Security Breach Notification Chart

Biometrics how to put to use and how not at all?

Security Breach Notification Chart

Policy Framework for the Regional Biometric Data Exchange Solution

THE SURVEILLANCE AND COMMUNITY SAFETY ORDINANCE

Security Breach Notification Chart

A2.000 DEFINITIONS OF TERMS (SAB note: proposed new terms, as well as current relevant terms, appear below)

PREPARING, TAKING AND APPLYING MEDICAL TESTIMONY TO SUPPORT A PERSONAL INJURY CASE

E-Filing Court Documents In Escambia County

S 0153 S T A T E O F R H O D E I S L A N D

Authorised Version No Coroners Act No. 77 of 2008 Authorised Version incorporating amendments as at 1 August 2013 TABLE OF PROVISIONS

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF MISSISSIPPI DELTA DIVISION CIVIL ACTION NO. 2:07CV042-P-B

[Second Reprint] SENATE, No STATE OF NEW JERSEY. 212th LEGISLATURE INTRODUCED OCTOBER 16, 2006

M-Polling with QR-Code Scanning and Verification

Biometrics Technology for Human Recognition

Case 1:15-cv WTL-DML Document 58 Filed 10/10/17 Page 1 of 6 PageID #: 345

Biometrics Overview. Introduction. Biometrics is a general term used alternatively to describe a characteristic or a process. As a characteristic:

The Upcoming International Biometric Vocabulary Standard

Legal aspects of biometric data processing : current state of affairs. Dr. E. J. Kindt MIPRO 2015

Case 8:16-cv CJC-AGR Document 24 Filed 09/07/16 Page 1 of 7 Page ID #:282

PRIVACY MANAGEMENT PLAN

Massachusetts Executive Office of Public Safety and Security. Statewide Applicant Fingerprint Identification Services (SAFIS) Program

Confronting Biometric Detractors

Transcription:

Emerging Biometric Data Risks January 24, 2018 Paul Karlsgodt Melinda McLellan Melissa Siebert

Speakers Paul Karlsgodt Partner Denver pkarlsgodt@bakerlaw.com 303.764.4013 Melinda L. McLellan Partner New York mmclellan@bakerlaw.com 212.589.4679 Melissa A. Siebert Partner Chicago msiebert@bakerlaw.com 312.416.6212 2

Agenda Overview of Biometrics Definitions and applications Existing laws Biometrics in the news Consumer Litigation Illinois BIPA Litigation Surge 3

Terminology Biometric information vs. biometric identifiers Information can be almost any physiological data, but it does not necessarily identify an individual (e.g., height, weight, blood pressure) Identifiers are a subset: unique biological characteristics that can be used to distinguish individuals (e.g., fingerprints, retinal scans, genetic data) May be stored in other formats Definitions vary by law and context, and are evolving Increasingly sophisticated technology blurs the lines what was once merely information may soon be an identifier 4

Example: BIPA Definitions Biometric identifier means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include donated organs, tissues, or parts as defined in the Illinois Anatomical Gift Act or blood or serum stored on behalf of recipients or potential recipients of living or cadaveric transplants and obtained or stored by a federally designated organ procurement agency. Biometric identifiers do not include biological materials regulated under the Genetic Information Privacy Act. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. Biometric identifiers do not include an X- ray, roentgen process, computed tomography, MRI, PET scan, mammography, or other image or film of the human anatomy used to diagnose, prognose, or treat an illness or other medical condition or to further validate scientific testing or screening. (emphasis added) Biometric information means any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.

Biometric Tech in Action Law enforcement and security purposes Commercial applications Authentication Marketing Enhanced user experience Athletic tracking Personal use (the quantified self ) Recently: Google s Arts & Culture App 6

State Laws Illinois 740 ILCS 14 Biometric Information Privacy Act (2008) Texas BUS & COM 503.001 Capture or Use of Biometric Identifier (2009) Washington RCW 19.375 Biometric Identifiers (2017) Some states have limited laws applicable to certain types of entities or identifiers Multiple states have proposed laws

Consumer Litigation Key issues, generally: Can a plaintiff recover statutory damages for pure procedural violation? Federal courts probably not Spokeo, Inc. v. Robins, 136 S.Ct. 1540 (2016); McCollough v. Smarte Carte, Inc., 2016 WL 4077108 (N.D. Ill. Aug. 1, 2016), State courts question hinges on whether liquidated damages are available and whether plaintiff is aggrieved when alleged injury is purely procedural. Is there a privacy interest in biometric data such that the mere appropriation is damage in and of itself? Is there a market for the information? Is an encrypted, mathematical representation of biometric data really biometric data itself? Illinois statute includes information derived from biometric data.

Consumer Litigation Facial recognition cases (Illinois BIPA): Is facial recognition data biometric information even if it comes from a photograph? Rivera v. Google, Inc., 238 F.Supp.3d 1088 (2017) Monroy v. Shutterfly, Inc., 2017 WL 4099846 (Sept. 15, 2017) In re Facebook Biometric Information Privacy Litigation, 185 F. Supp.3d 1155 (2016) Fingerprint cases (Illinois BIPA) Can plaintiff recover liquidated damages under the statute for mere procedural violation of the statute? Rosenbach v. Six Flags Entertainment Corp., 2017 IL App (2d) 170317 (No relief available for a person who is not aggrieved ) Sekura v. Krishna Schaumburg Tan, 2017 WL 1181420 (motion to dismiss with prejudice granted Jan. 16, 2018) (injunctive relief available, but no liquidated damages)

Consumer Litigation Breach of biometric information Impact on future injury analysis unclear Is standing/injury threshold lower when information is something that uniquely identifies a person and can never be changed? In re U.S. Office of Personnel Management Data Security Breach Litigation, No. 1:15-mc-01394 (D.D.C.) Future injury not sufficient. Genetic information (Alaska) Alaska Genetic Privacy Act, Ak. St. 18.13.010 et seq. Written notification requirements similar to BIPA Huge statutory damages available - $100,000 per violation if the defendant profited from the use of genetic information Cole v. Gene by Gene, Ltd., Case No. 1:14-cv-00004-SLG (D. Ak.)

Illinois BIPA Litigation Surge Why BIPA is a Hot Topic Statutory damages Attorneys fees Key terms undefined/untested

Illinois BIPA Litigation Surge How Big is BIPA? 60+ BIPA class actions filed Focus on data privacy in workplace Large # of potential plaintiffs Surprise Factor

Illinois BIPA Litigation Surge The Face of BIPA Litigation Few dispositive rulings Actual injury Issues Removal/remand The technology itself Substantial compliance

Illinois BIPA Litigation Surge Is There a Quick Fix Policy implementation issues Class action waiver General waivers Settlement difficulties

Questions & Answers Paul Karlsgodt Partner Denver pkarlsgodt@bakerlaw.com 303.764.4013 Melinda L. McLellan Partner New York mmclellan@bakerlaw.com 212.589.4679 Melissa A. Siebert Partner Chicago msiebert@bakerlaw.com 312.416.6212 16

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback