top of page
  • Writer's picturePaul Peter Nicolai

New York City Biometric Identifier Information Ordinance

Updated: Jun 17, 2022

As part of a growing national privacy trend, a new biometrics privacy ordinance in New York City puts new limits on commercial establishments that collect, process or transfer customer biometric identifier information (BII). Under it, covered businesses must notify customers of their use of BII in plain and simple language using clear and conspicuous signage placed near all customer entrances. The Ordinance also flatly prohibits selling, leasing, trading, sharing, or otherwise profiting from BII. The Ordinance says commercial establishments are places of entertainment, retail stores, or food and drink establishments. BII includes retina or iris scans, fingerprints, voiceprints, scans of hand or face geometry, and other biological or psychological characteristics that identify or assist in identifying an individual.


The Ordinance is directed at surveillance-oriented and for-profit uses of the expanding array of detectable BII. Some retail establishments log and file BII from every customer who walks in. The Ordinance addresses civil liberty and cybersecurity concerns raised by the increasing reliance on BII collection in commercial spaces.


The Ordinance creates two private causes of action.


Notably, the Ordinance does not create liability for government agencies, employees, agents, or financial institutions. It does trigger liability for images/videos not analyzed by BII technology or not shared with third parties other than law enforcement.

Recent Posts

See All

Why the Debate on Privacy Law Matters to Business

Personal data is used by a broader range of entities for a broader range of purposes daily. Privacy and data security issues are constantly evolving, with developments due to technology, public policy

bottom of page