Earlier this month, lawmakers inside the New York State legislature raised the possibility of passing Assembly Bill 27, otherwise known as the Biometric Privacy Act. Among other things, the proposed legislation would require organizations to develop a written retention policy for storing and disposing of biometric data, as well as obtain written consent from employees or customers prior to collecting such information. 

While nearly identical to Illinois’ Biometric Information Privacy Act (BIPA)—including the availability of a private right of action—the New York law would potentially cast a much wider shadow than its predecessor and force businesses to quickly reevaluate their use of biometric technologies.