Sponsored by:
Assemblyman ANDREW ZWICKER
District 16 (Hunterdon, Mercer, Middlesex and Somerset)
Assemblyman HERB CONAWAY, JR.
District 7 (Burlington)
Assemblywoman ELIANA PINTOR MARIN
District 29 (Essex)
Co-Sponsored by:
Assemblywoman Carter and Assemblyman Benson
SYNOPSIS
Imposes moratorium on collection of biometric identifiers by public entities and requires AG to recommend appropriate uses; restricts private use of biometric information.
CURRENT VERSION OF TEXT
As introduced.
An Act concerning biometric information and supplementing Title 52 of the Revised Statutes.
Be It Enacted by the Senate and General Assembly of the State of New Jersey:
1. As used in this act:
“Biometric identifier” means data generated by measurements of a person’s immutable physical or behavioral characteristics and includes, but is not limited to, a retina or iris scan, a fingerprint, a scan of hand or face geometry, or characteristics of a person’s gait or voice.
“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on a person’s biometric identifier used to identify a person. Biometric information shall not include information derived from DNA.
“Confidential and sensitive information” means personal information that can be used to uniquely identify a person or a person’s account or property and includes, but is not limited to, a unique identifier number to locate an account or property, an account number, a PIN number, a pass code, a driver’s license number, or a social security number.
“Private entity” means any person, partnership, corporation, limited liability company, association, or other group, however organized. A private entity shall not include a State or local government agency or any court or judge thereof.
"Public entity" means the State, and any county, municipality, district, or any political subdivision, department, authority, agency, bureau, commission, agency, board, or body thereof; or any officer, employee, agent, contractor, or subcontractor of a public entity.
“Written release” means informed written consent or, in the context of employment, a release executed by an employee as a condition of employment.
2. a. A public entity shall not acquire, possess, access, collect, capture, purchase, receive through trade, or otherwise obtain or use a person’s biometric identifier or biometric information.
b. Any person aggrieved by a violation of this section may institute proceedings for injunctive or declaratory relief in any court of competent jurisdiction to enforce this section, and the person shall be entitled to recover for each violation:
(1) against a public entity that negligently violates a provision of this section, liquidated damages of $ 1,000 or actual damages, whichever is greater;
(2) against a public entity that intentionally or recklessly violates a provision of this section, liquidated damages of $ 5,000 or actual damages, whichever is greater;
(3) reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses; and
(4) any other relief the court deems appropriate.
c. Biometric information obtained in violation of this section shall not be admissible in any criminal, civil, administrative, or other proceeding, except in a judicial proceeding alleging a violation of this section.
3. a. The Attorney General shall submit to the Legislature no later than one year after the effective date of P.L. , c. (C. ) (pending before the Legislature as this bill) recommendations for legislation concerning the appropriate use of a biometric identifier or biometric information by a public entity in the State. The recommendations shall include, but not be limited to:
(1) the public entities to be permitted to use a biometric identifier or biometric information, the purposes for the use, and identification of prohibited uses;
(2) the necessary training required for a public entity to use a biometric identifier or biometric information;
(3) standards for the use and management of information derived from a biometric identifier or biometric information, including but not limited to data retention, sharing, access, and audit trails;
(4) auditing practices to ensure the accuracy of a biometric identifier or biometric information, standards for minimum accuracy rates, and accuracy rates by gender, skin color, and age;
(5) rigorous protections for due process, privacy, free speech and association, and racial, gender, and religious equity; and
(6) mechanisms to ensure compliance.
b. Following submission of the recommendations required pursuant to subsection a. of this section, the Legislature shall hold at least one public hearing for the purpose of obtaining comments on the recommendations.
c. The Legislature shall evaluate the recommendations and comments obtained at the public hearing required pursuant to subsection b. of this section to determine whether and to what extent the use of a biometric identifier or biometric information should be authorized for use by a public entity in the State.
4. a. A private entity in possession of biometric identifiers or biometric information shall develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining the identifiers or information has been satisfied or within three years of the person’s last interaction with the private entity, whichever occurs first. Unless otherwise provided in a valid warrant or subpoena issued by a court of competent jurisdiction, a private entity in possession of a biometric identifier or biometric information shall comply with its established retention schedule and destruction guidelines.
b. A private entity shall not acquire, possess, access, collect, capture, purchase, receive through trade, or otherwise obtain or use a person’s biometric identifier or biometric information, unless it first:
(1) informs the person or the person’s legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored;
(2) informs the person or the person’s legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
(3) receives a written release executed by the person or the person’s legally authorized representative.
c. A private entity in possession of a biometric identifier or biometric information shall not sell, lease, trade, or otherwise profit from a person’s biometric identifier or biometric information.
d. A private entity in possession of a biometric identifier or biometric information shall not disclose, redisclose, or otherwise disseminate a person’s biometric identifier or biometric information unless:
(1) the person or the person’s legally authorized representative consents to the disclosure or redisclosure;
(2) the disclosure or redisclosure completes a financial transaction requested or authorized by the person or the person’s legally authorized representative;
(3) the disclosure or redisclosure is required by State or federal law or municipal ordinance; or
(4) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
e. A private entity in possession of a biometric identifier or biometric information shall:
(1) store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity’s industry; and
(2) store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information.
f. Biometric information obtained
in violation of this section shall not be admissible in any criminal, civil,
administrative, or other proceeding, except in a judicial proceeding alleging a
violation of this section.
5. Any person aggrieved by a violation of section 4 of P.L. , c. (C. ) (pending before the Legislature as this bill) may institute proceedings for injunctive or declaratory relief in any court of competent jurisdiction to enforce this section, and the person shall be entitled to recover for each violation:
a. against a private entity that negligently violates a provision of section 4 of P.L. , c. (C. ) (pending before the Legislature as this bill), liquidated damages of $ 1,000 or actual damages, whichever is greater;
b. against a private entity that intentionally or recklessly violates a provision of section 4 of P.L. , c. (C. ) (pending before the Legislature as this bill), liquidated damages of $ 5,000 or actual damages, whichever is greater;
c. reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses; and
d. other relief the court deems appropriate.
6. This act shall take effect immediately.
STATEMENT
This bill imposes a moratorium on collection of biometric identifiers by public entities and requires the Attorney General to recommend appropriate uses for biometric information by public entities in this State. The bill also restricts private entities’ use of biometric information.
The bill specifically prohibits a public entity from acquiring, possessing, accessing, collecting, capturing, purchasing, receiving through trade, or otherwise obtaining or using a person’s biometric identifier or biometric information. Biometric identifier is defined under the bill to mean data generated by measurements of a person’s immutable physical or behavioral characteristics and includes, but is not limited to, a retina or iris scan, a fingerprint, a scan of hand or face geometry, or characteristics of a person’s gait or voice. Biometric information is defined to mean any information, regardless of how it is captured, converted, stored, or shared, based on a person’s biometric identifier used to identify a person. Biometric information does not include information derived from DNA.
This bill requires the Attorney General submit to the Legislature, within one year after the effective date of the bill, recommendations for legislation concerning the appropriate use of a biometric identifier or biometric information in the State. Following submission of the recommendations, the Legislature is required to hold at least one public hearing to obtain comments on the recommendations. The Legislature is to evaluate the recommendations and comments to determine whether and to what extent the use of a biometric identifier or biometric information by public entities should be authorized in the State.
Under the bill, a private entity in possession of biometric identifiers or biometric information is required to develop a written policy, made available to the public, establishing a retention schedule and guidelines for the destruction of biometric identifiers and biometric information. These private entities are required to comply with the established retention schedule and destruction guidelines, unless otherwise provided in a valid warrant or subpoena issued by a court of competent jurisdiction.
A private entity is prohibited from acquiring, possessing, accessing, collecting, capturing, purchasing, receiving through trade, or otherwise obtaining or using a person’s biometric identifier or biometric information, unless it first: informs the person or the person’s legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored; informs the person or the person’s legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and receives a written release executed by the person or the person’s legally authorized representative.
The bill also prohibits a private entity in possession of a biometric identifier or biometric information from selling, leasing, trading, or otherwise profiting from a person’s biometric identifier or biometric information.
A private entity in possession of a biometric identifier or biometric information is prohibited from disclosing, redisclosing, or otherwise disseminating a person’s biometric identifier or biometric information unless: the person or the person’s legally authorized representative consents to the disclosure or redisclosure; the disclosure or redisclosure completes a financial transaction requested or authorized by the person or the person’s legally authorized representative; the disclosure or redisclosure is required by State or federal law or municipal ordinance; or the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
A private entity in possession of a biometric identifier or biometric information is required under the bill to: store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity’s industry; and store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information, as defined under the bill.
The bill provides that biometric information obtained in violation of the bill is not to be admissible in any criminal, civil, administrative, or other proceeding, except in a judicial proceeding alleging a violation of the bill’s provisions. A person is authorized under the bill to institute proceedings for injunctive or declaratory relief for a violation of the bill’s provisions. A person is entitled to recover liquidated damages of $1,000 or actual damages, whichever is greater, against a public or private entity that negligently violates a provision of the bill; liquidated damages of $5,000 or actual damages, whichever is greater against a public or private entity that intentionally or recklessly violates a provision of the bill; reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses; and any other relief the court deems appropriate.