Loading chat...
IA SSB3085
SB
Status
Introduced
1/27/2026
Primary Sponsor
Technology
Click for details
AI Summary
- Requires private entities possessing biometric data (retina, iris, fingerprint, voice, facial geometry) to develop written retention policies and destroy data within three years after the subject's last interaction or when collection purposes are fulfilled
- Prohibits private entities from collecting biometric data without first providing written notice to the individual about the collection and its purposes, and bans selling, leasing, or profiting from such data
- Mandates that biometric data be stored and protected using industry-standard security methods equivalent to or stronger than password protection
- Exempts employers using employee biometric data solely within the scope of employment, and excludes photographs, written signatures, demographic data, and medical imaging from the definition of biometric identifiers
- Establishes civil penalties enforced by the Department of Inspections, Appeals, and Licensing: $1,000 for first violation, $5,000 for second, and $10,000 for third or subsequent violations, with a 30-day cure period for first-time offenders
Legislative Description
A bill for an act relating to private entity requirements concerning biometric data, and providing civil penalties.
Last Action
Subcommittee recommends passage.
2/4/2026
Committee Referrals
Technology1/27/2026
Full Bill Text
No bill text available