99TH GENERAL ASSEMBLY
State of Illinois
2015 and 2016
SB2409

 

Introduced 2/3/2016, by Sen. Terry Link

 

SYNOPSIS AS INTRODUCED:
 
740 ILCS 14/15

    Amends the Biometric Information Privacy Act. Provides that for the purposes of crime prevention and law enforcement a private detective, private detective agency, private security contractor, or private security contractor agency may collect or capture a scan of a person's face geometry without satisfying specified notice requirements in order to compare the scan to a database of photographs provided to the entity by any federal, State, or local law enforcement agency of persons who have been arrested on a charge of a violation of State or federal law if the entity complies with specified requirements. Effective immediately.


LRB099 14106 HEP 39947 b

 

 

A BILL FOR

 

SB2409LRB099 14106 HEP 39947 b

1    AN ACT concerning civil law.
 
2    Be it enacted by the People of the State of Illinois,
3represented in the General Assembly:
 
4    Section 5. The Biometric Information Privacy Act is amended
5by changing Section 15 as follows:
 
6    (740 ILCS 14/15)
7    Sec. 15. Retention; collection; disclosure; destruction.
8    (a) Except as provided in subsection (b-5) of this Section,
9a A private entity in possession of biometric identifiers or
10biometric information must develop a written policy, made
11available to the public, establishing a retention schedule and
12guidelines for permanently destroying biometric identifiers
13and biometric information when the initial purpose for
14collecting or obtaining such identifiers or information has
15been satisfied or within 3 years of the individual's last
16interaction with the private entity, whichever occurs first.
17Absent a valid warrant or subpoena issued by a court of
18competent jurisdiction, a private entity in possession of
19biometric identifiers or biometric information must comply
20with its established retention schedule and destruction
21guidelines.
22    (b) Except as provided in subsection (b-5) of this Section,
23no No private entity may collect, capture, purchase, receive

 

 

SB2409- 2 -LRB099 14106 HEP 39947 b

1through trade, or otherwise obtain a person's or a customer's
2biometric identifier or biometric information, unless it
3first:
4        (1) informs the subject or the subject's legally
5    authorized representative in writing that a biometric
6    identifier or biometric information is being collected or
7    stored;
8        (2) informs the subject or the subject's legally
9    authorized representative in writing of the specific
10    purpose and length of term for which a biometric identifier
11    or biometric information is being collected, stored, and
12    used; and
13        (3) receives a written release executed by the subject
14    of the biometric identifier or biometric information or the
15    subject's legally authorized representative.
16    (b-5) For the purposes of crime prevention and law
17enforcement a private detective, private detective agency,
18private security contractor, or private security contractor
19agency licensed under the Private Detective, Private Alarm,
20Private Security, Fingerprint Vendor, and Locksmith Act of 2004
21may collect or capture a scan of a person's face geometry
22without satisfying the notice and release requirements in
23subsection (b) of this Section in order to compare the scan to
24a database of photographs provided to the entity by any
25federal, State, or local law enforcement agency of persons who
26have been arrested on a charge of a violation of State or

 

 

SB2409- 3 -LRB099 14106 HEP 39947 b

1federal law if the entity:
2        (1) establishes and complies with a retention schedule
3    and guidelines for permanently destroying biometric
4    identifiers or biometric information within 30 days of the
5    individual's last interaction with the entity, except that
6    the entity may retain the identifier or information for
7    more than 30 days if: (i) there is reasonable suspicion
8    that the identifier or information contains evidence of
9    criminal activity, or (ii) the identifier or information is
10    relevant to an ongoing investigation or pending criminal
11    trial; and
12        (2) adheres to the other requirements set forth in this
13    Act.
14    (c) No private entity in possession of a biometric
15identifier or biometric information may sell, lease, trade, or
16otherwise profit from a person's or a customer's biometric
17identifier or biometric information.
18    (d) No private entity in possession of a biometric
19identifier or biometric information may disclose, redisclose,
20or otherwise disseminate a person's or a customer's biometric
21identifier or biometric information unless:
22        (1) the subject of the biometric identifier or
23    biometric information or the subject's legally authorized
24    representative consents to the disclosure or redisclosure;
25        (2) the disclosure or redisclosure completes a
26    financial transaction requested or authorized by the

 

 

SB2409- 4 -LRB099 14106 HEP 39947 b

1    subject of the biometric identifier or the biometric
2    information or the subject's legally authorized
3    representative;
4        (3) the disclosure or redisclosure is required by State
5    or federal law or municipal ordinance; or
6        (4) the disclosure is required pursuant to a valid
7    warrant or subpoena issued by a court of competent
8    jurisdiction.
9    (e) A private entity in possession of a biometric
10identifier or biometric information shall:
11        (1) store, transmit, and protect from disclosure all
12    biometric identifiers and biometric information using the
13    reasonable standard of care within the private entity's
14    industry; and
15        (2) store, transmit, and protect from disclosure all
16    biometric identifiers and biometric information in a
17    manner that is the same as or more protective than the
18    manner in which the private entity stores, transmits, and
19    protects other confidential and sensitive information.
20(Source: P.A. 95-994, eff. 10-3-08.)
 
21    Section 99. Effective date. This Act takes effect upon
22becoming law.