SB2409 99TH GENERAL ASSEMBLY

99TH GENERAL ASSEMBLY State of Illinois 2015 and 2016
SB2409

Introduced 2/3/2016, by Sen. Terry Link

SYNOPSIS AS INTRODUCED:

740 ILCS 14/15

Amends the Biometric Information Privacy Act. Provides that for the purposes of crime prevention and law enforcement a private detective, private detective agency, private security contractor, or private security contractor agency may collect or capture a scan of a person's face geometry without satisfying specified notice requirements in order to compare the scan to a database of photographs provided to the entity by any federal, State, or local law enforcement agency of persons who have been arrested on a charge of a violation of State or federal law if the entity complies with specified requirements. Effective immediately.

LRB099 14106 HEP 39947 b

A BILL FOR

SB2409

LRB099 14106 HEP 39947 b

1 AN ACT concerning civil law.

2 Be it enacted by the People of the State of Illinois,

3 represented in the General Assembly:

4 Section 5. The Biometric Information Privacy Act is amended

5 by changing Section 15 as follows:

6 (740 ILCS 14/15)

7 Sec. 15. Retention; collection; disclosure; destruction.

8 (a) Except as provided in subsection (b-5) of this Section,

9 a ~~A~~ private entity in possession of biometric identifiers or

10 biometric information must develop a written policy, made

11 available to the public, establishing a retention schedule and

12 guidelines for permanently destroying biometric identifiers

13 and biometric information when the initial purpose for

14 collecting or obtaining such identifiers or information has

15 been satisfied or within 3 years of the individual's last

16 interaction with the private entity, whichever occurs first.

17 Absent a valid warrant or subpoena issued by a court of

18 competent jurisdiction, a private entity in possession of

19 biometric identifiers or biometric information must comply

20 with its established retention schedule and destruction

21 guidelines.

22 (b) Except as provided in subsection (b-5) of this Section,

23 no ~~No~~ private entity may collect, capture, purchase, receive

SB2409

- 2 -

LRB099 14106 HEP 39947 b

1 through trade, or otherwise obtain a person's or a customer's

2 biometric identifier or biometric information, unless it

3 first:

4 (1) informs the subject or the subject's legally

5 authorized representative in writing that a biometric

6 identifier or biometric information is being collected or

7 stored;

8 (2) informs the subject or the subject's legally

9 authorized representative in writing of the specific

10 purpose and length of term for which a biometric identifier

11 or biometric information is being collected, stored, and

12 used; and

13 (3) receives a written release executed by the subject

14 of the biometric identifier or biometric information or the

15 subject's legally authorized representative.

16 (b-5) For the purposes of crime prevention and law

17 enforcement a private detective, private detective agency,

18 private security contractor, or private security contractor

19 agency licensed under the Private Detective, Private Alarm,

20 Private Security, Fingerprint Vendor, and Locksmith Act of 2004

21 may collect or capture a scan of a person's face geometry

22 without satisfying the notice and release requirements in

23 subsection (b) of this Section in order to compare the scan to

24 a database of photographs provided to the entity by any

25 federal, State, or local law enforcement agency of persons who

26 have been arrested on a charge of a violation of State or

SB2409

- 3 -

LRB099 14106 HEP 39947 b

1 federal law if the entity:

2 (1) establishes and complies with a retention schedule

3 and guidelines for permanently destroying biometric

4 identifiers or biometric information within 30 days of the

5 individual's last interaction with the entity, except that

6 the entity may retain the identifier or information for

7 more than 30 days if: (i) there is reasonable suspicion

8 that the identifier or information contains evidence of

9 criminal activity, or (ii) the identifier or information is

10 relevant to an ongoing investigation or pending criminal

11 trial; and

12 (2) adheres to the other requirements set forth in this

13 Act.

14 (c) No private entity in possession of a biometric

15 identifier or biometric information may sell, lease, trade, or

16 otherwise profit from a person's or a customer's biometric

17 identifier or biometric information.

18 (d) No private entity in possession of a biometric

19 identifier or biometric information may disclose, redisclose,

20 or otherwise disseminate a person's or a customer's biometric

21 identifier or biometric information unless:

22 (1) the subject of the biometric identifier or

23 biometric information or the subject's legally authorized

24 representative consents to the disclosure or redisclosure;

25 (2) the disclosure or redisclosure completes a

26 financial transaction requested or authorized by the

SB2409

- 4 -

LRB099 14106 HEP 39947 b

1 subject of the biometric identifier or the biometric

2 information or the subject's legally authorized

3 representative;

4 (3) the disclosure or redisclosure is required by State

5 or federal law or municipal ordinance; or

6 (4) the disclosure is required pursuant to a valid

7 warrant or subpoena issued by a court of competent

8 jurisdiction.

9 (e) A private entity in possession of a biometric

10 identifier or biometric information shall:

11 (1) store, transmit, and protect from disclosure all

12 biometric identifiers and biometric information using the

13 reasonable standard of care within the private entity's

14 industry; and

15 (2) store, transmit, and protect from disclosure all

16 biometric identifiers and biometric information in a

17 manner that is the same as or more protective than the

18 manner in which the private entity stores, transmits, and

19 protects other confidential and sensitive information.

20 (Source: P.A. 95-994, eff. 10-3-08.)

21 Section 99. Effective date. This Act takes effect upon

22 becoming law.