MO SB1359

Private entities in Missouri can avoid liability for unauthorized or negligent disclosure of biometric identifiers (fingerprints, iris scans, voiceprints, face/hand geometry scans) by following specific compliance requirements

Compliance requires posting visible warnings about biometric data collection, informing individuals of the specific purpose for collection, and maintaining a public written policy on data retention and destruction

Biometric data must be destroyed when the initial collection purpose is satisfied or within 3 years of the individual's last interaction, whichever comes first

Exemptions apply to financial institutions subject to the Gramm-Leach-Bliley Act, HIPAA-covered health care information, genetic testing data, medical imaging, and organ/tissue donations

State and local government agencies, courts, and their employees are excluded from the definition of "private entity" and thus not covered by these liability protections