ARTICLE
1 October 2019

California Adds Biometric Restrictions To Data-Breach Law, Potentially Creating A De Facto Biometric Privacy Law

SH
Shook, Hardy & Bacon

Contributor

Shook, Hardy & Bacon logo

Shook, Hardy & Bacon has long been recognized as one of the premier litigation firms in the country. For more than a century, the firm has defended companies in their most substantial national and international products liability, mass tort and complex litigation matters.

The firm has leveraged its complex product liability litigation expertise to expand into several other practice areas and advance its mission of “being the best in the world at providing creative and practical solutions at unsurpassed value.” As a result, the firm has built nationally recognized practices in areas such as intellectual property, environmental and toxic tort, employment litigation, commercial litigation, government enforcement and compliance, and public policy.

Explore Firm Details
Subject to the governor's signature, California's breach-notification law will gain additional requirements related to biometric information due to the passage of AB 1130
United States Privacy
Alfred Saikali,Colman McCarthy,Benjamin M. Patton
+2 Authors

Subject to the governor’s signature, California’s breach-notification law will gain additional requirements related to biometric information due to the passage of AB 1130. The bill adds “unique biometric data” to the definition of personal information where that data is generated from measurements or analysis of body characteristics for authentication purposes. Going forward, notices for breaches involving biometric data must include instructions on how to notify third parties to no longer rely on the compromised data for authentication purposes.

TAKEAWAY

This change, in combination with the California Consumer Privacy Act’s (CCPA’s) private right of action, may create a de facto biometric privacy law in California that allows for a private right of action where there is unauthorized disclosure of biometric information (e.g., a merchant/employer sharing biometric information with a third-party provider) and a lack of policies and procedures governing biometric information.

Read more in the full September issue of the Privacy and Data Security Client Alert.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Alfred Saikali
Alfred Saikali
Photo of Colman McCarthy
Colman McCarthy
Photo of Kate Paine
Kate Paine
Photo of Benjamin M. Patton
Benjamin M. Patton
Photo of Lischen P. Reeves
Lischen P. Reeves
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More