Safeguard Those Fingerprints Now That CCPA Looms
Biometric data must be safeguarded or violate the new California Consumer Privacy Act, going into effect January 1.
Franchises using biometrics—fingerprints, retinal scans and the like—for customer or employee ID should beware of the CCPA, according to Michael Cohen of Gray Plant Mooty. That’s the California Consumer Privacy Act that goes into effect January 1.
Although enforcement won’t begin until July 1, 2020, Cohen said businesses must be ready to comply right away, because plaintiffs’ attorneys will be looking for violators of the act pronto.
“As soon as there’s a possible claim to be brought under the California law they will start filing those. So let’s say you have 5,000 personal records of California residents and those have been subject to a data breach and you have not complied with the CCPA,” he said.
“That is the opening to your being sued for non-compliance,” and he lets his listeners do the math on 5,000 records at $750 a pop. “You’re opening yourself up to those extensive statutory damages.” Cohen and colleagues did a webinar yesterday on the topic.
Franchises that don’t do business in California can’t rest easy, either, said Dawn Johnson, an attorney with Greensfelder in St. Louis who works with franchisors. She notes “the huge increase in lawsuits” over biometrics in Illinois, the state with the strictest biometrics policy to date.
She expects other states to follow, and Cohen counts 14 states that have introduced laws that are “virtually identical to the CCPA.” We'll have more on the topic in an upcoming issue of Franchise Times.