Full Text of HB6025 99th General Assembly
HB6025 99TH GENERAL ASSEMBLY |
| | 99TH GENERAL ASSEMBLY
State of Illinois
2015 and 2016 HB6025 Introduced , by Rep. Sam Yingling SYNOPSIS AS INTRODUCED: |
| |
Amends the Biometric Information Privacy Act. Provides that except to the extent necessary for an employer to conduct background checks or implement employee security protocols, a private entity may not require a person or customer to provide his or her biometric identifier or biometric information as a condition for the provision of goods or services. Provides that the new provisions do not apply to: (i) companies that provide medical services; (ii) law enforcement agencies; or (iii) governmental entities.
|
| |
| | A BILL FOR |
|
| | | HB6025 | | LRB099 18879 HEP 44863 b |
|
| 1 | | AN ACT concerning civil law.
| 2 | | Be it enacted by the People of the State of Illinois,
| 3 | | represented in the General Assembly:
| 4 | | Section 5. The Biometric Information Privacy Act is amended | 5 | | by changing Section 15 as follows: | 6 | | (740 ILCS 14/15)
| 7 | | Sec. 15. Retention; collection; disclosure; destruction. | 8 | | (a) A private entity in possession of biometric identifiers | 9 | | or biometric information must develop a written policy, made | 10 | | available to the public, establishing a retention schedule and | 11 | | guidelines for permanently destroying biometric identifiers | 12 | | and biometric information when the initial purpose for | 13 | | collecting or obtaining such identifiers or information has | 14 | | been satisfied or within 3 years of the individual's last | 15 | | interaction with the private entity, whichever occurs first. | 16 | | Absent a valid warrant or subpoena issued by a court of | 17 | | competent jurisdiction, a private entity in possession of | 18 | | biometric identifiers or biometric information must comply | 19 | | with its established retention schedule and destruction | 20 | | guidelines. | 21 | | (a-5) Except to the extent necessary for an employer to | 22 | | conduct background checks or implement employee security | 23 | | protocols, a private entity may not require a person or |
| | | HB6025 | - 2 - | LRB099 18879 HEP 44863 b |
|
| 1 | | customer to provide his or her biometric identifier or | 2 | | biometric information as a condition for the provision of goods | 3 | | or services. This subsection (a-5) does not apply to: (i) | 4 | | companies that provide medical services; (ii) law enforcement | 5 | | agencies; or (iii) governmental entities. | 6 | | (b) No private entity may collect, capture, purchase, | 7 | | receive through trade, or otherwise obtain a person's or a | 8 | | customer's biometric identifier or biometric information, | 9 | | unless it first: | 10 | | (1) informs the subject or the subject's legally | 11 | | authorized representative in writing that a biometric | 12 | | identifier or biometric information is being collected or | 13 | | stored; | 14 | | (2) informs the subject or the subject's legally | 15 | | authorized representative in writing of the specific | 16 | | purpose and length of term for which a biometric identifier | 17 | | or biometric information is being collected, stored, and | 18 | | used; and | 19 | | (3) receives a written release executed by the subject | 20 | | of the biometric identifier or biometric information or the | 21 | | subject's legally authorized representative.
| 22 | | (c) No private entity in possession of a biometric | 23 | | identifier or biometric information may sell, lease, trade, or | 24 | | otherwise profit from a person's or a customer's biometric | 25 | | identifier or biometric information. | 26 | | (d) No private entity in possession of a biometric |
| | | HB6025 | - 3 - | LRB099 18879 HEP 44863 b |
|
| 1 | | identifier or biometric information may disclose, redisclose, | 2 | | or otherwise disseminate a person's or a customer's biometric | 3 | | identifier or biometric information
unless: | 4 | | (1) the subject of the biometric identifier or
| 5 | | biometric information or the subject's legally authorized
| 6 | | representative consents to the disclosure or redisclosure; | 7 | | (2) the disclosure or redisclosure completes a | 8 | | financial transaction requested or authorized by the | 9 | | subject of the biometric identifier or the biometric | 10 | | information or the subject's legally authorized | 11 | | representative; | 12 | | (3) the disclosure or redisclosure is required by State | 13 | | or federal law or municipal ordinance; or | 14 | | (4) the disclosure is required pursuant to a valid | 15 | | warrant or subpoena issued by a court of competent | 16 | | jurisdiction.
| 17 | | (e) A private entity in possession of a biometric | 18 | | identifier or biometric information shall: | 19 | | (1) store, transmit, and protect from disclosure all | 20 | | biometric identifiers and biometric information using the | 21 | | reasonable standard of care within the private entity's | 22 | | industry; and
| 23 | | (2) store, transmit, and protect from disclosure all | 24 | | biometric identifiers and biometric information in a | 25 | | manner that is the same as or more protective than the | 26 | | manner in which the private entity stores, transmits, and |
| | | HB6025 | - 4 - | LRB099 18879 HEP 44863 b |
|
| 1 | | protects other confidential and sensitive information.
| 2 | | (Source: P.A. 95-994, eff. 10-3-08.)
|
|