Adds protections for an individual's biometric data by requiring written policy for person(s) that determines the purposes for and means of processing biometric data.
The written policy must establish a retention schedule for all biometric identifiers.
Also include protocol for responding to breach of security of biometric identifiers/data.
Guidelines that require permanent destruction of identifier by the earliest of dates.
Controller must satisfy disclosure/consent requirements before collecting identifier.
Specifies certain prohibited acts and requirements for controllers that process data.
Requires a controller to allow a consumer to access and update a biometric identifier.
Restricts employer's permissible reasons for obtaining employee's collection consent.
Legislative History
On Jan. 29, 2024, bill introduced in House; on Feb. 20, 2024, bill passed in the House.
On Feb. 23, 2024, bill introduced in Senate; on Apr. 19, 2024, bill passed in Senate.
On Apr. 22, 2024, House concurred amendments; on May 28, 2024, sent to governor.
Effectiveness
If enacted, this act takes effect Jul. 1, 2025.
May 31, 2024 COL LEG Governor Approval
On May 31, 2024, COL LEG reported governor signed bill, effective on Jul. 1, 2025.
