Biometric Data Privacy Policy

Summary

This Biometric Data Privacy Policy template is for use by companies that process data that may be considered "biometric identifiers" or "biometric information" under applicable law (referred to as "Biometric Data" in this template. This template includes practical guidance, drafting notes, and optional and alternate clauses. This Policy is intended to be used to comply with the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq., the Texas Capture or Use of Biometric Identifiers Act (CUBI), Tex. Bus. & Com. Code § 503.001, and Washington's HB 1493 (HB 1493) biometrics statute, Wash Rev. Code § 19.375.010 et seq. and can be used in conjunction with Biometric Data Online Notice and Consent. Colorado also recently passed a biometric privacy law, which will be effective on July 1, 2025. See Colo. Rev. Stat. § 6-1-1314. Organizations must carefully draft their own biometric data privacy disclosures to satisfy the specific compliance requirements of the jurisdictions applicable to them. The language of this Policy can be added as a section to an organization's general privacy policy, or can be made available in a standalone, separate Biometric Data Privacy Policy. This Policy assumes that the organization uses biometric technologies and biometric data solely within the United States. For more on biometric privacy, see Biometric Data Online Notice and Consent, Biometric Privacy and Artificial Intelligence Legal Developments, Biometric Privacy: Mitigating Legal Risks When Using Biometric Technologies, Biometric Privacy: Overview Video, Biometric Privacy: Risk Mitigation Video, Biometrics and Data Privacy Podcast, Biometric Privacy State Law Survey, and Biometric Privacy State Legislation Tracker (2025).