Illinois BIPA Biometric Privacy Law
United States
2008
Privacy
Overview
Key Obligations
- Obtain written, informed consent before collecting biometric data
- Inform individuals in writing about the data collected and its purpose
- Retain biometric data only for the duration necessary and securely delete it thereafter
- Implement reasonable security measures to safeguard biometric data
- Avoid selling, leasing, or trading biometric data
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Identity Verification
Use facial match and liveness checks paired with government ID verification to validate users while onboarding.
AML Screening
Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
Related Regulations
FAQ
What types of data are protected under BIPA?
Fingerprints, facial geometry, iris scans, voiceprints, and hand scans are protected under the law.
Does BIPA apply to employers?
Yes, employers who collect biometric data for time tracking or security must comply.
What are the penalties for non-compliance?
Entities can face statutory damages of $1,000–$5,000 per violation, plus legal fees.
Is BIPA only applicable within Illinois?
It applies to any entity collecting biometric data from Illinois residents, regardless of where the company is based.