SPONSOR: Christ
This bill establishes the "Enhanced Personal Privacy Act". Any private entity in possession of biometric identifiers or information, as defined in the bill, must have a written and publicly available retention schedule and guidelines for permanently destroying these identifiers and information when the initial purpose for collecting or obtaining them has been satisfied, or within one year of the individual's last interaction with the private entity, whichever occurs first.
No private entity may collect, purchase, receive, or otherwise obtain an individual's biometric identifier or information without first informing the individual in writing of the information being collected and the purpose for collection, and receiving a written release from the individual authorizing the collection. No private entity in possession of biometric identifiers or information may sell, lease, trade, or otherwise profit from an individual's identifier or information.
Any entity or individual required to comply with the Health Insurance Portability and Accountability Act must treat biometric identifiers and information as individually identifiable health information protected under the Act.
No private entity may disclose or disseminate an individual's biometric identifier or information unless it has a written release from the individual, the disclosure completes a financial transaction requested or authorized by the individual, the disclosure is required by law, or the disclosure is required pursuant to a warrant. A private entity in possession of biometric identifiers or information must securely store these identifiers or information in accordance with the provisions of the Act.
Statutes affected: