Securiti Named a 2022 Cool Vendor in Data Security by Gartner

Download Now

Illinois Biometric Information Privacy Act (BIPA)

Operationalize BIPA compliance with the most comprehensive PrivacyOps platform.

background-image

The Biometric Information Privacy Act (BIPA), an initiative spearheaded by the ACLU of Illinois, was unanimously approved by the Illinois legislature in 2008. BIPA creates guidelines to protect the privacy and security of Illinois residents.

BIPA prohibits any private entity from selling or leasing, trading, or otherwise profiting from an individual’s or customer’s biometric information or identifiers, in addition to its notice and consent requirements. Retina or iris scans, fingerprints, voice prints, hand scans, facial geometry, DNA, and other biological information are examples of biometric identifiers.

The consumer or his/her legally authorized representative must consent to the collection, storage, and usage of the biometric information or identifier through a written release which must be collected and documented by the private entity.

The consumers should also be informed in writing through a notice stating the purpose for which the biometric information or identifier is being collected and for what length of time it shall be retained. The BIPA remains the most stringent biometric privacy law in the US and also provides consumers with protection by enabling them to sue businesses that violate it in court.


The Solution

Securiti enables organizations to comply with Biometric Information Privacy Act (BIPA) through AI-driven PI data discovery, DSR automation, access Intelligence, documented accountability, data security, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises in their journey toward compliance with Biometric Information Privacy Act (BIPA) through automation, enhanced data visibility, and identity linking.

See how our comprehensive platform helps you comply with various Biometric Information Privacy Act (BIPA) sections.

securiti dashboard

With its state-of-the-art artificial intelligence and machine-learning-based tools, Securiti is a market leader in providing data governance and compliance solutions.

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.


Assess BIPA readiness

BIPA §15

With the help of our multi-regulation, collaborative, readiness, and privacy impact assessment system, you can measure your organization's posture against BIPA requirements, identify the gaps and address the risks. Expand assessment capabilities across your vendor ecosystem to maintain compliance against BIPA requirements.

personal data monitoring tracking

Continuous Monitoring and Tracking

BIPA Governance

Keep track of risks involved by continuously monitoring and scanning data against non-compliance to subject rights, security controls, or data residency.

Breach Response Notification

BIPA §15(b), BIPA §20

Automate data breach response mechanism, including breach notifications to concerned stakeholders regarding data breach incidents, by leveraging a knowledge database on security incident diagnosis and response.

breach response notification

Privacy Policy & Notice Management

BIPA §15(a)

Securiti's Privacy Notice Creation and Management Solution allows organizations to transparently inform their users about any access or use of their personal data.

Monitor and Track Consent

BIPA §15(b), BIPA §15(d)

Securiti's Consent Management Platform enables organizations to obtain individuals’ consent for data access, retrieval, and advertising purposes. It allows consent management as per the requirements of BIPA. Moreover, accurate consent status is recorded to demonstrate compliance.

consent preference management

Assess Data Protection Measures and Enable Appropriate Security Controls

BIPA §15(e)

Securiti’s Data Intelligence modules enable you to identify gaps and risks in your data processing and implement appropriate security controls.

Obligations for Covered Entities Under BIPA

  • Covered entities must obtain consent from individuals if the company intends to collect or disclose their personal biometric identifiers.
  • Covered entities must destroy biometric identifiers promptly.
  • Covered entities must securely store biometric identifiers.
  • BIPA prohibits companies from selling or otherwise profiting from consumers’ biometric information.
  • Covered entities cannot disclose, redisclose or distribute any biometric information or identifiers that a person or customer provides to a covered entity unless the individual’s consent is obtained, the state requires its disclosure, and the court issues a legitimate warrant or subpoena requiring its disclosure.

Quick Facts About BIPA

1

BIPA is the only statute in the United States that grants a private right of action to anyone wronged by a violation.

2

BIPA only applies to private entities (individuals, partnerships, corporations, limited liability companies, organizations, or other groups).

3

BIPA does not apply to financial institutions or affiliates of financial institutions.

4

BIPA does not apply to contractors, subcontractors, or agents when they are engaged by a State agency or local government unit.

5

The negligent violation penalty is $1,000 or actual damages, whichever is greater.

6

Intentional or Reckless Violation penalty is $5,000 or actual damages, whichever is greater.

Solutions

Systems

Newsletter

Users love Securiti on G2 G2 leader spring 2022 G2 leader summer 2022 G2 leader easiest business 2022 ISO certification RSAC Leader Forrester Badge IAPP Innovation award 2020 Sinet Innovator Award Gartner Cool Vendor Award

Securiti PrivacyOps Named a Leader in The Forrester WaveTM

View