biometrics, biometric, privacy, privacy law, state statutes, state attorneys general, state attorney general, biometric privacy, Illinois, BIPA, Biometric Information Privacy Act, Texas, CUBI, CUBIA, Capture or Use Biometric Identifier Act, Washington, Washington State, Washington Biometric Privacy Act, WBPA, AG, GDPR, General Data Protection Regulation, Article 4, Rosenbach, Six Flags, Rosenbach v. Six Flags, Illinois Supreme Court, Spokeo, Spokeo v. Robins, Spokeo Inc. v. Robins, Fair Information Practice Principles, FIPs, FIPPs, statutes, statutory analysis, Face Off, Nicholas Cage, John Travolta, Nic Cage, data harms, data harm, data breach, data breach victim, data harm remedies, remedies, remedy, standing, Article III standing, big data, sale of private data, google, apple, amazon, meaningful consent, consent, special masters, special master, shira scheindlin, judge scheindlin, judge shira scheindlin, sedona conference, ediscovery, e-discovery, discovery, star trek, robocop, back to the future, facial recognition, fingerprint recognition, voiceprint, face id, face scanning, fingerprint, touch id, iPhone X, iPhone XS, iPhone XR, hackers, hacking, equifax, consumer protection, litigation, data breach litigation, consumer financial protection bureau, cfpb, richard cordray, arbitration, class action law suit, class action suit, forced arbitration, cordray, elizabeth warren, donald trump, president trump, president donald trump, robert mueller iii, robert mueller, mueller, FBI, federal bureau of investigation, notice and choice, notice & choice, notice, choice, security purpose, security, biometric harm, private right of action, private right, private rights of action, right of action


As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security and potential remedies for victims of data breaches or mishandled data. Ultimately, this Note makes policy proposals for future biometric privacy statutes, particularly recommending a private right of action as the most effective remedy for victims of biometric data breaches.