|Introduced in House||Passed House||Introduced in Senate||Passed Senate||Became Law|
Biometric data; employer policy on storage, protection, and destruction, civil penalty.
Establishes the parameters for the capture and safekeeping of biometric data by employers. The bill defines "biometric data" as a retina or iris scan, fingerprint, voiceprint, record of hand or face geometry, or any other means of information, regardless of how it is captured or stored, that is used to identify an individual based on biological identifiers. Once the purpose for capturing the data is complete, or after three years from the date it is last used for its initial purpose, whichever occurs first, the biometric data must be destroyed. An employer who violates the requirements of the bill is subject to a civil penalty of not more than $25,000 for each violation. The bill also provides a right of action against employers who violate the parameters of capturing and safekeeping biometric data.
Be it enacted by the General Assembly of Virginia:
1. That the Code of Virginia is amended by adding in Article 5 of Chapter 3 of Title 40.1 a section numbered 40.1-51.4:6 as follows:
� 40.1-51.4:6. Biometric data; employer policy on storage, protection, and destruction; civil penalty.
A. As used in this section, "biometric data" means a retina or iris scan, fingerprint, voiceprint, record of hand or face geometry, or any other means of information, regardless of how it is captured or stored, that is used to identify an individual based on biological identifiers.
B. An employer seeking to capture biometric data on an employee or potential employee shall (i) maintain a written policy made available to employees on the capture, retention, and destruction of biometric data and (ii) obtain written informed consent of the individual to the capturing and storing of his biometric data which shall identify the biometric data to be captured, the purpose for capturing the biometric data, the mechanism for storing the biometric data, and the length of time the biometric data will be stored and used.
C. An employer in possession of biometric data shall store, transmit, and protect such biometric data using a reasonable standard of care within the employers industry. Once the purpose for capturing and storing the biometric data is complete, or after three years from the date such biometric data was last used for its initial purpose, whichever occurs first, the biometric data shall be destroyed. Once the employer-employee relationship is terminated, the initial purpose for capturing the biometric data is deemed expired and the employer shall destroy the biometric data within two weeks of the employees final day of employment and notify the employee of the destruction of his biometric data.
D. An employer in possession of biometric data is prohibited from selling, leasing, trading, or otherwise profiting from an individuals biometric data. The employer shall obtain the written consent of the individual whose biometric data has been captured in order to share biometric data to a third party. An employer may disclose the biometric data pursuant to a valid warrant or subpoena as required by state or federal law.
E. An employer who violates this section is subject to a civil penalty of not more than $25,000 for each violation. An aggrieved party shall have a right of action in circuit court against an offending party.
|01/22/2020||House||House: Referred to Committee on Communications, Technology and Innovation|
|01/07/2020||House||House: Prefiled and ordered printed; offered 01/08/20 20103974D|
|01/07/2020||House||House: Referred to Committee on Agriculture, Chesapeake and Natural Resources|