Texas Biometric Privacy Law
Since 2009, Texas has had a biometric privacy act which prohibits the capture of an individual’s biometric identifiers for a commercial purpose unless the individual is first informed and has consented to such data collection. The law also limits the sale or disclosure of an individual’s biometric information except under limited circumstances.
In the law, “biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or recording of hand or face geometry.
What Businesses Are Covered Under Texas’ Biometric Privacy Act?
Compliance with the law is mandatory for all organizations that seek to capture an individual’s biometric information for a commercial purpose.
Key requirements of the Texas Biometric Privacy Act
The law says a person or entity may not capture biometric identifiers of an individual for a commercial purpose unless the person or entity:
The law also prohibits a person who possesses a biometric identifier of an individual that is captured for a commercial purpose from selling or leasing or otherwise disclosing the biometric identifier to another person unless:
Other key requirements of the law include:
The law does not apply to voiceprint data retained by a financial institution.
Who Enforces the Texas Biometric Privacy Act? What Are Penalties for Non-compliance?
A violation of this law is subject to a civil penalty of not more than $25,000 for each violation. The attorney general may bring an action to recover the civil penalty.