Modern technologies found in sensors, software, and readers make it increasingly possible to use fingerprints, facial recognition, retinal or iris scans, voiceprint reading, gait analysis, or keystroke analysis to identify a person.
In response to these technologies, some state legislatures (Arkansas, California, Illinois, New York, Texas, Washington) have enacted biometric information privacy laws that govern the collection and use of this data.
For example, in Illinois, the Biometric Information Privacy Act (BIPA) provides a set of rules for companies collecting biometric data—and unlike the biometric data privacy statutes in Texas and Washington, it creates a private cause of action, allowing Illinois residents whose biometric data is improperly collected or used to file a lawsuit for the violation of the statute.
There are essentially five key features of the Illinois law known as BIPA:
• it requires informed consent prior to collection;
• it prohibits any profiting from biometric data;
• it allows only a limited right to disclose the data;
• it sets forth both protection obligations and data retention guidelines for businesses; and
• it creates a private cause of action for those harmed by BIPA violations.
As of my knowledge cutoff date in early 2023, Maine does not have a specific biometric information privacy law akin to the Illinois Biometric Information Privacy Act (BIPA). While states like Illinois, Texas, and Washington have enacted laws that regulate the collection, use, and storage of biometric data, Maine has not yet passed similar comprehensive legislation. In the absence of state-specific biometric privacy laws, residents of Maine would be subject to general privacy laws and regulations that govern personal data. Companies operating in Maine that collect biometric data should still be aware of best practices for data privacy and security, including obtaining informed consent, limiting the use and disclosure of personal data, and ensuring proper data protection measures are in place. Additionally, they should monitor for any changes in state legislation or federal law that may impose new requirements regarding biometric data.