Illinois General Assembly - Full Text of HB4102
Illinois General Assembly

  Bills & Resolutions  
  Compiled Statutes  
  Public Acts  
  Legislative Reports  
  IL Constitution  
  Legislative Guide  
  Legislative Glossary  

 Search By Number
 (example: HB0001)
Search Tips

Search By Keyword

Full Text of HB4102  103rd General Assembly

HB4102 103RD GENERAL ASSEMBLY

  
  

 


 
103RD GENERAL ASSEMBLY
State of Illinois
2023 and 2024
HB4102

 

Introduced , by Rep. La Shawn K. Ford

 

SYNOPSIS AS INTRODUCED:
 
740 ILCS 14/10
740 ILCS 14/15

    Amends the Biometric Information Privacy Act. Defines "security purpose" as a purpose to ensure that (i) a person accessing an online product or service is who they person claims to be or (ii) a person identified as a safety concern or as a person violating the terms of use or service of the online product or service can be kept off of or denied access to the product or service. Provides that no private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or customer's biometric identifier or biometric information unless it is done in furtherance of a security purpose. Provides that a private entity is not required to comply with the 3-year retention limitation of biometric identifiers or biometric information if the biometric identifiers or biometric information are being collected for a security purpose.


LRB103 32688 LNS 62409 b

 

 

A BILL FOR

 

HB4102LRB103 32688 LNS 62409 b

1    AN ACT concerning civil law.
 
2    Be it enacted by the People of the State of Illinois,
3represented in the General Assembly:
 
4    Section 5. The Biometric Information Privacy Act is
5amended by changing Sections 10 and 15 as follows:
 
6    (740 ILCS 14/10)
7    Sec. 10. Definitions. In this Act:
8    "Biometric identifier" means a retina or iris scan,
9fingerprint, voiceprint, or scan of hand or face geometry.
10Biometric identifiers do not include writing samples, written
11signatures, photographs, human biological samples used for
12valid scientific testing or screening, demographic data,
13tattoo descriptions, or physical descriptions such as height,
14weight, hair color, or eye color. Biometric identifiers do not
15include donated organs, tissues, or parts as defined in the
16Illinois Anatomical Gift Act or blood or serum stored on
17behalf of recipients or potential recipients of living or
18cadaveric transplants and obtained or stored by a federally
19designated organ procurement agency. Biometric identifiers do
20not include biological materials regulated under the Genetic
21Information Privacy Act. Biometric identifiers do not include
22information captured from a patient in a health care setting
23or information collected, used, or stored for health care

 

 

HB4102- 2 -LRB103 32688 LNS 62409 b

1treatment, payment, or operations under the federal Health
2Insurance Portability and Accountability Act of 1996.
3Biometric identifiers do not include an X-ray, roentgen
4process, computed tomography, MRI, PET scan, mammography, or
5other image or film of the human anatomy used to diagnose,
6prognose, or treat an illness or other medical condition or to
7further validate scientific testing or screening.
8    "Biometric information" means any information, regardless
9of how it is captured, converted, stored, or shared, based on
10an individual's biometric identifier used to identify a
11specific an individual. "Biometric information" does not
12include information derived from items or procedures excluded
13under the definition of biometric identifiers.
14    "Confidential and sensitive information" means personal
15information that can be used to uniquely identify an
16individual or an individual's account or property. Examples of
17confidential and sensitive information include, but are not
18limited to, a genetic marker, genetic testing information, a
19unique identifier number to locate an account or property, an
20account number, a PIN number, a pass code, a driver's license
21number, or a social security number.
22    "Private entity" means any individual, partnership,
23corporation, limited liability company, association, or other
24group, however organized. A private entity does not include a
25State or local government agency. A private entity does not
26include any court of Illinois, a clerk of the court, or a judge

 

 

HB4102- 3 -LRB103 32688 LNS 62409 b

1or justice thereof.
2    "Security purpose" means a purpose to ensure that (i) a
3person accessing an online product or service is who they
4person claims to be or (ii) a person identified as a safety
5concern or as a person violating the terms of use or service of
6the online product or service can be kept off of or denied
7access to the product or service.
8    "Written release" means informed written consent or, in
9the context of employment, a release executed by an employee
10as a condition of employment.
11(Source: P.A. 95-994, eff. 10-3-08.)
 
12    (740 ILCS 14/15)
13    Sec. 15. Retention; collection; disclosure; destruction.
14    (a) A private entity in possession of biometric
15identifiers or biometric information must develop a written
16policy, made available to the public, establishing a retention
17schedule and guidelines for permanently destroying biometric
18identifiers and biometric information when the initial purpose
19for collecting or obtaining such identifiers or information
20has been satisfied or within 3 years of the individual's last
21interaction with the private entity, whichever occurs first.
22Absent a valid warrant or subpoena issued by a court of
23competent jurisdiction, a private entity in possession of
24biometric identifiers or biometric information must comply
25with its established retention schedule and destruction

 

 

HB4102- 4 -LRB103 32688 LNS 62409 b

1guidelines.
2    (b) No private entity may collect, capture, purchase,
3receive through trade, or otherwise obtain a person's or a
4customer's biometric identifier or biometric information,
5unless it first:
6        (1) informs the subject or the subject's legally
7    authorized representative in writing that a biometric
8    identifier or biometric information is being collected or
9    stored;
10        (2) informs the subject or the subject's legally
11    authorized representative in writing of the specific
12    purpose and length of term for which a biometric
13    identifier or biometric information is being collected,
14    stored, and used; and
15        (3) receives a written release executed by the subject
16    of the biometric identifier or biometric information or
17    the subject's legally authorized representative.
18    (c) No private entity in possession of a biometric
19identifier or biometric information may sell, lease, trade, or
20otherwise profit from a person's or a customer's biometric
21identifier or biometric information.
22    (d) No private entity in possession of a biometric
23identifier or biometric information may disclose, redisclose,
24or otherwise disseminate a person's or a customer's biometric
25identifier or biometric information unless:
26        (1) the subject of the biometric identifier or

 

 

HB4102- 5 -LRB103 32688 LNS 62409 b

1    biometric information or the subject's legally authorized
2    representative consents to the disclosure or redisclosure;
3        (2) the disclosure or redisclosure completes a
4    financial transaction requested or authorized by the
5    subject of the biometric identifier or the biometric
6    information or the subject's legally authorized
7    representative;
8        (3) the disclosure or redisclosure is required by
9    State or federal law or municipal ordinance; or
10        (4) the disclosure is required pursuant to a valid
11    warrant or subpoena issued by a court of competent
12    jurisdiction; or .
13        (5) it is done in furtherance of a security purpose.
14    (e) A private entity in possession of a biometric
15identifier or biometric information shall:
16        (1) store, transmit, and protect from disclosure all
17    biometric identifiers and biometric information using the
18    reasonable standard of care within the private entity's
19    industry; and
20        (2) store, transmit, and protect from disclosure all
21    biometric identifiers and biometric information in a
22    manner that is the same as or more protective than the
23    manner in which the private entity stores, transmits, and
24    protects other confidential and sensitive information.
25    (f) A private entity shall not be required to comply with
26the 3-year retention limitation of biometric identifiers or

 

 

HB4102- 6 -LRB103 32688 LNS 62409 b

1biometric information of subsection (a) or the requirements of
2subsection (b) if the biometric identifiers or biometric
3information are being collected for a security purpose.
4(Source: P.A. 95-994, eff. 10-3-08.)