Biometrics has rapidly become ubiquitous in our daily lives and will continue to proliferate at an astonishing pace moving forward. In response, lawmakers have sought to pass new, targeted laws that would impose stringent legal obligations and restrictions on the collection and use of biometric data, many of which also contain private rights of action. Regulators are also now seeking to police improper biometrics practices as well. To further complicate matters, enterprising plaintiffs' attorneys have attempted to stretch the contours of current laws with fairly reasonable success, creating tremendous liability exposure for even small-scale uses of biometric data. Thus, ensuring legal compliance through comprehensive, enterprise-wide biometric privacy compliance programs and strategic risk management measures is essential to mitigating the outsized legal risks that arise when leveraging the benefits of biometrics in commercial operations.
To support the significant need for guidance on the implementation and use of cutting-edge biometric technologies, Baker Donelson maintains a robust, multidisciplinary Biometrics practice. Our Biometrics team members provide skilled yet practical advice on utilizing biometric tools and systems in a manner that maximizes benefits, while also maintaining compliance with the law and mitigating associated legal risks. They are also experienced in aggressively defending class action claims involving alleged noncompliance with today's patchwork of biometric privacy laws.
Our Team
Our Biometrics Team brings together a wealth of experience across a myriad of practice areas, including data privacy, artificial intelligence (AI), emerging companies, labor and employment, litigation, and technology, among others. Our lawyers have intricate experience with the full range of biometric privacy laws and regulations at the municipal, state, federal, and international levels. Our team includes the author of Biometric Data Privacy Compliance & Best Practices found on LexisNexis®, as well as a number of Certified Information Privacy Professionals (CIPP/US and CIPP/E). We regularly advise clients ranging from startups to Fortune 50 organizations across a wide variety of industries, including communications, financial services, health care, real estate, retail, food, eyewear, entertainment/sports, and technology.
Baker Donelson's Biometrics Team devotes significant time and resources to staying abreast of new and emerging biometric technologies introduced for commercial use. We help clients anticipate and prepare for new compliance requirements and legal and regulatory changes by studying recent legal decisions impacting the use of biometric data and monitoring legal trends, pending legislation, and other legal developments.
Our Services
- Regulatory Compliance. We provide skilled regulatory counseling on the full range of biometrics laws in existence, including the Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), Washington's HB 1493 biometrics law (HB 1493), Portland's private-sector facial biometrics ordinance, New York City's "commercial establishments" biometric identifier information ordinance, and the New York City Tenant Data Privacy Act (TDPA). We also advise clients on the use of biometric data so that they are in compliance with emerging U.S. state privacy laws and the EU General Data Protection Regulation (GDPR). In addition, we provide guidance on regulatory compliance pertaining to the Federal Trade Commission's (FTC) increased focus on policing commercial biometrics practices, especially with respect to facial biometrics.
- Proactive Risk Management and Strategy Development. We advise clients on how to manage and mitigate the growing legal risks that arise when using biometric data, such as data retention and destruction best practices, class action litigation readiness, employee training, and internal policies and procedures. We also advise on novel and challenging liability stemming from unique issues such as marketing materials and potential mass arbitration.
- Product Counseling. We counsel clients as they bring new biometrics-powered products and services to the market. As product counsel, we work closely with clients' business and legal teams in the development and launch of new products and services. We also continue to provide ongoing advice and support in connection with new legal obligations and other relevant developments throughout the product lifecycle.
- Compliance Program Development. We partner with clients to proactively manage risk through the development of comprehensive, enterprise-wide biometric privacy compliance programs for all types of technologies and forms of data. We also work with clients to strengthen and enhance existing biometrics compliance programs by completing audits of current programs; developing remediation plans to address and eliminate compliance gaps; preparing modifications and updates to organizational privacy policies, notices, and consents pursuant to such remediation plans; and advising on the development and implementation of additional practical measures to facilitate ongoing compliance with future biometric privacy laws.
- Policies, Procedures, and Related Disclosures. We regularly develop detailed, complex online biometrics disclosures, including biometrics-specific privacy policy language, notice and consent clickwrap language, terms and conditions, online arbitration provisions, and class action waivers. We also advise on the design, layout, appearance, and content of clickwrap agreements for all types of online contracts to ensure enforceability against customers and other website visitors. We conduct compliance audits and gap analyses of online privacy policies, notices, consents, and related biometrics-specific disclosures, as well as the remedial modifications and updates necessary to achieve compliance.
- Technology Transactions. We draft and negotiate complex multiparty technology contracts involving biometric data use and related biometric privacy considerations, including SaaS agreements and license agreements, as well as a variety of other privacy-related contracts. We also provide guidance and counseling on items such as benchmarked considerations to clients involved in negotiating technology contracts that implicate biometric technologies and/or biometric data, as well as guidance on existing agreements implicating biometrics.
- Class Action Defense. We have deep experience in litigating biometric privacy (and other types of privacy) class action disputes, including successfully defending complex, bet-the-company BIPA class action lawsuits.