100TH GENERAL ASSEMBLY
State of Illinois
2017 and 2018
HB2411
 
Introduced , by Rep. Sam Yingling
 
SYNOPSIS AS INTRODUCED:
 

 
740 ILCS 14/15

     Amends the Biometric Information Privacy Act. Provides that except to the extent necessary for an employer to conduct background checks or implement employee security protocols, a private entity may not require a person or customer to provide his or her biometric identifier or biometric information as a condition for the provision of goods or services. Provides that the new provisions do not apply to: (i) companies that provide medical services; (ii) law enforcement agencies; or (iii) governmental entities.
  


LRB100 07957 HEP 18031 b

 
 
A BILL FOR
 

  
HB2411LRB100 07957 HEP 18031 b


  
1    AN ACT concerning civil law.
  
 
2    Be it enacted by the People of the State of Illinois,
 
3represented in the General Assembly:
  
 
 
4    Section 5. The Biometric Information Privacy Act is amended  
5by changing Section 15 as follows:
 
6    (740 ILCS 14/15)

7    Sec. 15. Retention; collection; disclosure; destruction. 
8    (a) A private entity in possession of biometric identifiers 
9or biometric information must develop a written policy, made 
10available to the public, establishing a retention schedule and 
11guidelines for permanently destroying biometric identifiers 
12and biometric information when the initial purpose for 
13collecting or obtaining such identifiers or information has 
14been satisfied or within 3 years of the individual's last 
15interaction with the private entity, whichever occurs first.  
16Absent a valid warrant or subpoena issued by a court of 
17competent jurisdiction, a private entity in possession of 
18biometric identifiers or biometric information must comply 
19with its established retention schedule and destruction 
20guidelines.
21    (a-5) Except to the extent necessary for an employer to 
22conduct background checks or implement employee security 
23protocols, a private entity may not require a person or 
 
 
HB2411- 2 -LRB100 07957 HEP 18031 b

1customer to provide his or her biometric identifier or 
2biometric information as a condition for the provision of goods 
3or services. This subsection (a-5) does not apply to: (i) 
4companies that provide medical services; (ii) law enforcement 
5agencies; or (iii) governmental entities. 
6    (b) No private entity may collect, capture, purchase, 
7receive through trade, or otherwise obtain a person's or a 
8customer's biometric identifier or biometric information, 
9unless it first:
10        (1) informs the subject or the subject's legally 
11    authorized representative in writing that a biometric 
12    identifier or biometric information is being collected or 
13    stored;
14        (2) informs the subject or the subject's legally 
15    authorized representative in writing of the specific 
16    purpose and length of term for which a biometric identifier 
17    or biometric information is being collected, stored, and 
18    used; and
19        (3) receives a written release executed by the subject 
20    of the biometric identifier or biometric information or the 
21    subject's legally authorized representative.


22    (c) No private entity in possession of a biometric 
23identifier or biometric information may sell, lease, trade, or 
24otherwise profit from a person's or a customer's biometric 
25identifier or biometric information.
26    (d) No private entity in possession of a biometric 
 
 
HB2411- 3 -LRB100 07957 HEP 18031 b

1identifier or biometric information may disclose, redisclose, 
2or otherwise disseminate a person's or a customer's biometric 
3identifier or biometric information
unless:
4        (1) the subject of the biometric identifier or

5    biometric information or the subject's legally authorized

6    representative consents to the disclosure or redisclosure;
7        (2) the disclosure or redisclosure completes a 
8    financial transaction requested or authorized by the 
9    subject of the biometric identifier or the biometric 
10    information or the subject's legally authorized 
11    representative;
12        (3) the disclosure or redisclosure is required by State 
13    or federal law or municipal ordinance; or
14        (4) the disclosure is required pursuant to a valid 
15    warrant or subpoena issued by a court of competent 
16    jurisdiction.

17    (e) A private entity in possession of a biometric 
18identifier or biometric information shall:
19        (1) store, transmit, and protect from disclosure all 
20    biometric identifiers and biometric information using the 
21    reasonable standard of care within the private entity's 
22    industry; and

23        (2)  store, transmit, and protect from disclosure all 
24    biometric identifiers and biometric information in a 
25    manner that is the same as or more protective than the 
26    manner in which the private entity stores, transmits, and 
 
 
HB2411- 4 -LRB100 07957 HEP 18031 b

1    protects other confidential and sensitive information.



2(Source: P.A. 95-994, eff. 10-3-08.)