Security Policy Brief: What BIPA-Style Legislation Means for the Security Industry

Drake Jamali BIPA video screenshot

In this video, learn about BIPA laws and how SIA is engaging on behalf of members on this issue.

Biometric Information Protection Acts, or BIPA-style legislation, mandate written consent and notice requirements for private entities, including individuals, who use products that include biometric information, such as an individual’s retina, iris, face or fingerprints.

The Security Industry Association (SIA) supports measures that would ensure the protection of consumer data; however, BIPA-style legislation as it is currently written does not take into count how biometrics can be used for security applications. As such, this legislation could impact the effectiveness of the security products that you integrate, especially for access control against malicious actors.

Secondly, BIPA-style legislation establishes a private right of action for violations, which could put your business at risk for frivolous lawsuits if you handle biometric info incorrectly. We have seen this come to fruition in Illinois, which was the first state to pass such legislation in 2009 and has seen nearly 1,000 lawsuits, costing companies millions and preventing customers from accessing certain products and services, such as Amazon photos or Nest Security cameras.

Presently, Maryland, New Jersey, New York, Massachusetts and West Virginia have introduced BIPA-style legislation. We are actively engaging on this issue and have testified at public hearings to voice the industry’s concerns in Maryland and New Jersey.

If you have any questions about SIA’s activities on BIPA-style legislation, please feel free to contact me at