Slashdot reader schwit1 quotes an article from Bloomberg: These days, many of us regularly feed pieces of ourselves into machines for convenience and security. Our fingerprints unlock our smartphones, and companies are experimenting with more novel biometric markers — voice, heartbeat, grip — as ID for banking and other transactions. But there are almost no laws in place to control how companies use such information. Nor is it clear what rights people have to protect scans of their retinas or the contours of their face from cataloging by the private sector.
There’s one place where people seeking privacy protections can turn: the courts. A series of plaintiffs are suing tech giants, including Facebook and Google, under a little-used Illinois law. The Biometric Information Privacy Act, passed in 2008, is one of the only statutes in the U.S. that sets limits on the ways companies can handle data such as fingerprints, voiceprints, and retinal scans. At least four of the suits filed under BIPA are moving forward… Under the Illinois law, companies must obtain written consent from customers before collecting their biometric data. They also must declare a point at which they’ll destroy the data, and they must not sell it… “Social Security numbers, when compromised, can be changed,” the law reads. “Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, [and] is at heightened risk for identity theft.”
Read more of this story at Slashdot.