Washington Biometric Privacy Protection Act (House Bill 1493)
What Is Washington Biometric Privacy Protection Act (House Bill 1493)?
Passed in May 2017, House Bill 1493 sets forth requirements on businesses that collect and use biometric information for commercial purposes. It prohibits any “person” from “enrolling” a biometric identifier in a database for a commercial purpose without first providing notice, obtaining consent, or providing a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose. It also places restrictions on the sale, lease, and other disclosure of enrolled biometric identifiers.
How Does the Washington Biometric Privacy Protection Act Define “Biometric Identifier”?
H.B. 1493 defines “biometric identifier” as data generated by automatic measurements of an individual’s biological characteristics, such as a fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics that are used to identify a specific individual. The law does not specifically provide for a “scan of hand or face geometry”. It specifically excludes “physical or digital photograph, video or audio recording or data generated therefrom.”
The law regulates the “enrolling” of biometric identifiers in a database. Enrolling is defined as an activity “to capture a biometric identifier of an individual, convert it into a reference template that cannot be reconstructed into the original output image, and store it in a database that matches the biometric identifier to a specific individual.”
What Businesses Are Covered Under the Washington Biometric Privacy Protection Act?
The law applies to all individuals and non-government entities that collect, use, and retain “biometric identifiers” as defined in the statute. However, H.B. 1493 exempts persons that collect, capture, enroll, or store biometric identifiers in furtherance of a “security purpose.”
Key Requirements For Businesses Subject to H.B. 1493
Who Enforces H.B. 1493 and What Are the Penalties for Non-Compliance?
The law does not allow for a private right of action. The law is enforced by the Washington state attorney general. Since the law has only been in effect since 2017, specific details on penalties for non-compliance remain to be seen.