State laws may hinder biometric technology in schools
Many U.S. states are enacting biometric information privacy laws. These rules will have important implications for companies that collect biometric information as well as for public schools that adopt the technology.
The Biometric Information Privacy Act in Illinois captured headlines when the Illinois Supreme Court ruled in Rosenbach v. Six Flags Entertainment Corporation that a season pass holder could claim that the theme park breached the state’s biometric privacy law by collecting her 14-year-old son’s fingerprint data without signed permission or written notice.
Under federal and state laws such as this, companies that collect biometric information must provide the required notice and obtain the necessary consent before collecting biometric data.
As public schools enter partnerships with companies to collect biometric information—even if there are currently no laws that apply to public entities such as schools—districts should consider any risks of associated liability, says Brandon K. Wright, an Illinois-based school attorney at Miller, Tracy, Braun, Funk & Miller Ltd.
For instance, if a commercial vendor violates a biometric privacy law and is prosecuted, “is there language within agreements that says a school must indemnify for that liability in some way?” Wright says.
In the future, state biometric privacy laws may challenge school districts. “This state Supreme Court case certainly serves as a warning,” Wright says. “As you’re collecting this information, what are you doing to preserve or protect the confidentiality of students and are you getting consent to do so?”
Schools are obligated under the federal Family Educational Rights and Privacy Act (FERPA) to protect personally identifiable information, including biometric identifiers. To comply with FERPA and state laws, schools should negotiate vendor contracts and ensure that privacy agreements restrict access to biometric data, says Sara Collins, policy counsel for the Education Privacy Project at the Future of Privacy Forum.
She also advises district leaders to set clear terms for collection and destruction of biometric data, as well as discuss “who is storing the data, how long it is retained, and how schools and parents can access it.”
Interested in edtech? Keep up with the Future of Education Technology Conference®.