After just having put in place the nation’s first municipal-level biometric privacy law regulating “commercial establishments,” New York City has further added to the web of biometric privacy regulation that continues to grow across the country with its enactment of the Tenant Data Privacy Act (TDPA), which regulates the collection, use, retention and security of biometric data (as well as other forms of sensitive personal information) by owners and operators of “smart access buildings” located in New York City.

The TDPA is the latest in a string of new laws specifically targeting the collection and use of biometrics, but is the first of its kind to provide targeted requirements and limitations focused on residential “smart access” technology.