The Cost of BIPA Non Compliance is High
The floodgate of lawsuits being brought in the State of Illinois over improper storage of biometric data has continued over the past several months, pretty much unabated.
Illinois’ Biometric Information Privacy Act (BIPA) has proven to be one of the more consequential set of IT sector policies. Companies are now scrambling to figure out how to avoid liability claims.
Biometry Comes to the Scene
BIPA was codified in Illinois State law in 2008, kicked off by major national corporations selecting Illinois as the test site for new applications of “biometric facilitated financial transactions.” These systems quickly entered every sphere of the State’s economy, from retail outlets, to grocery stores, and even public facilities such as school cafeterias. Biometry, recognition of physical features such as retinal signatures, fingerprints, and facial geometry, promised to give users a leg up on bolstering their identity security. While other forms of authentication are susceptible to being leaked, stolen, or copied, biometry is incredibly more difficult to falsify. The entering into common use of biometry applications over the past several years is a testament to the secure nature of this method.
It is precisely because of biometrics authentication strength that Illinois was determined to set high standards for how this information is stored and kept safe from cyber criminals. In addition to its demands on how firms deal with their collected biometrics, BIPA created a right of legal action for statutory violations related to the collection, retention, storage, and use of biometric identifiers and related data.
The Costs of BIPA Violations
The cost of non compliance with BIPA is high. For accidental but legally negligent violations, private entities are liable for $1,000 per violation or the payment of actual damages incurred by the owner of the biometry, whichever is greater. For intentional or criminally reckless violations, the penalty is increased to $5,000 per violation.
In June, a trend began of class action cases being brought against firms for allegedly violating BIPA statutes. Companies targeted by these lawsuits were at first limited to internet and online gaming companies. However the actions quickly spread to a diverse range of industries and dozens of cases have been filed over the past six months. The fear of being exposed to legal action has reached such a pitch, it has moved many firms, especially tech and web service corporations, to consider leaving the State.
When it comes to compliance, BIPA demands that all biometry collected by a company be stored using industry standard data loss protection (DLP) tools to prevent disclosure. As the number of legal actions against firms on the basis of BIPA keeps rising, what companies need is a Data Loss Prevention tool that will integrate with their work environment to keep all company data safe, while not inhibiting workflow due to burdensome data engagement restrictions.
The Smart DLP solution of GTB gives companies the edge by constantly monitoring activity to ensure that users are made aware of the security risks associated with their actions on the network.
The Artificial Intelligence (AI) based DLP platform understands a firm’s system to the point where it can identify sensitive information, and automatically, remediate by policy various actions and deploy encryption protocols for sensitive data to prevent unauthorized disclosure.
Furthermore, GTB’s DLP that Works platform and solutions give administrators total control over the flow of data and are specifically designed to be able to demonstrate compliance of regulatory statutes.