100TH GENERAL ASSEMBLY
State of Illinois
2017 and 2018
HB4330

 

Introduced , by Rep. Sam Yingling

 

SYNOPSIS AS INTRODUCED:
 
740 ILCS 14/15

    Amends the Biometric Information Privacy Act. Provides that except to the extent necessary for an employer to conduct background checks or implement employee security protocols, a private entity may not require a person or customer to provide his or her biometric identifier or biometric information as a condition for the provision of goods or services. Provides that the new provisions do not apply to: (i) companies that provide medical services; (ii) law enforcement agencies; or (iii) governmental entities.


LRB100 16626 HEP 31763 b

 

 

A BILL FOR

 

HB4330 LRB100 16626 HEP 31763 b

    AN ACT concerning civil law.

    Be it enacted by the People of the State of Illinois, represented in the General Assembly:

    Section 5. The Biometric Information Privacy Act is amended by changing Section 15 as follows:
 
    (740 ILCS 14/15)
    Sec. 15. Retention; collection; disclosure; destruction.
    (a) A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first. Absent a valid warrant or subpoena issued by a court of competent jurisdiction, a private entity in possession of biometric identifiers or biometric information must comply with its established retention schedule and destruction guidelines.
    (a-5) Except to the extent necessary for an employer to conduct background checks or implement employee security protocols, a private entity may not require a person or customer to provide his or her biometric identifier or biometric information as a condition for the provision of goods or services. This subsection (a-5) does not apply to: (i) companies that provide medical services; (ii) law enforcement agencies; or (iii) governmental entities.
    (b) No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information, unless it first:
        (1) informs the subject or the subject's legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored;
        (2) informs the subject or the subject's legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
        (3) receives a written release executed by the subject of the biometric identifier or biometric information or the subject's legally authorized representative.
    (c) No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or biometric information.
    (d) No private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or a customer's biometric identifier or biometric information unless:
        (1) the subject of the biometric identifier or biometric information or the subject's legally authorized representative consents to the disclosure or redisclosure;
        (2) the disclosure or redisclosure completes a financial transaction requested or authorized by the subject of the biometric identifier or the biometric information or the subject's legally authorized representative;
        (3) the disclosure or redisclosure is required by State or federal law or municipal ordinance; or
        (4) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
    (e) A private entity in possession of a biometric identifier or biometric information shall:
        (1) store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity's industry; and
        (2) store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information.
(Source: P.A. 95-994, eff. 10-3-08.)