HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Lawmakers Propose Florida Biometric Information Privacy Act

Senator Gary Farmer (D-FL) and Representative Bobby DuBose (D-FL) have proposed new bills (SB 1270 /HB 1153) that require all private entities to obtain written consent from consumers prior to collecting or using their biometric data.

The Florida Biometric Information Privacy Act is similar to the Illinois Biometric Information Privacy Act which was signed into law in 2008 and would require private entities to notify consumers about the reasons for collecting biometric information and the proposed uses of that information when obtaining consent. Policies covering data retention and disposal of the information would also need to be made available to the public. Private entities would also be prohibited from profiting from an individual’s biometric information and must not sell, lease, or trade biometric information.

Private entities will be required to implement safeguards to protect stored biometric information to ensure the information remains private and confidential. When the purpose for collecting the information has been achieved, or after three years following the last interaction with an individual, the data must be securely destroyed.

Biometric data is classed as any information based on an individual’s biometric identifiers that can be used to identify an individual, such as an iris/retina scan, fingerprint, voice print, or face scan. It does not include information such as handwriting samples, signatures, biological samples, medical images, or photographs. The Act would also not apply to any information captured, used, or stored by HIPAA-covered entities for the provision of treatment, payment for healthcare, or operations covered by the HIPAA Privacy Rule.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The Florida Biometric Information Privacy Act includes a private right of action which would allow consumers to take legal action against entities that have violated their privacy and recover damages of between $1,000 and $5,000 as well as reasonable attorney fees.

“This common-sense legislation will give Floridians the peace of mind to know that their most valuable information is being handled responsibly and that these private companies will be held accountable for the improper use or unauthorized distribution of their information,” explained DuBose.

If the Florida Biometric Information Privacy Act is passed, it is due to take effect from October 1, 2019.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.