Illinois BIPA Biometric Privacy Law

United States

2008

Privacy

Overview

The Biometric Information Privacy Act (BIPA) was enacted by the state of Illinois in 2008, becoming the first law in the United States to provide specific protections for biometric data. The law regulates how private entities collect, use, store, and destroy biometric identifiers such as fingerprints, facial scans, and retina scans.

BIPA applies to any private-sector organization operating in Illinois or collecting biometric data from Illinois residents. The law gives individuals the right to sue for violations, making it one of the strictest and most litigated privacy laws in the U.S.

Key Obligations

Obtain written, informed consent before collecting biometric data
Inform individuals in writing about the data collected and its purpose
Retain biometric data only for the duration necessary and securely delete it thereafter

Implement reasonable security measures to safeguard biometric data
Avoid selling, leasing, or trading biometric data

FAQ

Related Regulations

GDPR Data Protection Regulation

HIPAA PHI Privacy & Security

COPPA Children's Privacy Law

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.

AML Screening

Comprehensive Anti-Money Laundering screening solutions to detect and prevent financial crimes through advanced monitoring and compliance tools.

One Touch KYC

Simplify the Know Your Customer (KYC) process with AI and sophisticated fraud detection algorithms to provide a seamless, efficient, and highly secure user verification.