Updating the database of the Illinois Compiled Statutes (ILCS) is an ongoing process.
Recent laws may not yet be included in the ILCS database, but they are found on this site as
Public
Acts soon after they become law. For information concerning the relationship between statutes and Public Acts, refer to the
Guide.
Because the statute database is maintained primarily for legislative drafting purposes,
statutory changes are sometimes included in the statute database before they take effect.
If the source note at the end of a Section of the statutes includes a Public Act that has
not yet taken effect, the version of the law that is currently in effect may have already
been removed from the database and you should refer to that Public Act to see the changes
made to the current law.
(740 ILCS 14/15)
Sec. 15. Retention; collection; disclosure; destruction. (a) A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first. Absent a valid warrant or subpoena issued by a court of competent jurisdiction, a private entity in possession of biometric identifiers or biometric information must comply with its established retention schedule and destruction guidelines. (b) No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information, unless it first: (1) informs the subject or the subject's legally |
| authorized representative in writing that a biometric identifier or biometric information is being collected or stored;
|
|
(2) informs the subject or the subject's legally
|
| authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
|
|
(3) receives a written release executed by the
|
| subject of the biometric identifier or biometric information or the subject's legally authorized representative.
|
|
(c) No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or biometric information.
(d) No private entity in possession of a biometric identifier or biometric information may disclose, redisclose, or otherwise disseminate a person's or a customer's biometric identifier or biometric information
unless:
(1) the subject of the biometric identifier or
|
| biometric information or the subject's legally authorized representative consents to the disclosure or redisclosure;
|
|
(2) the disclosure or redisclosure completes a
|
| financial transaction requested or authorized by the subject of the biometric identifier or the biometric information or the subject's legally authorized representative;
|
|
(3) the disclosure or redisclosure is required by
|
| State or federal law or municipal ordinance; or
|
|
(4) the disclosure is required pursuant to a valid
|
| warrant or subpoena issued by a court of competent jurisdiction.
|
|
(e) A private entity in possession of a biometric identifier or biometric information shall:
(1) store, transmit, and protect from disclosure all
|
| biometric identifiers and biometric information using the reasonable standard of care within the private entity's industry; and
|
|
(2) store, transmit, and protect from disclosure all
|
| biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information.
|
|
(Source: P.A. 95-994, eff. 10-3-08.)
|