Experts Keep an Eye on Six Flags Biometric Ruling’s Impact on Businesses

The case, involving the fingerprint of a 14-year-old boy in Illinois that was captured by Grand Prairie-based Six Flags Entertainment Corp., puts businesses on alert about how to handle biometric information.

researchers

Many businesses in Texas are capturing and keeping biometric information, but a recent ruling by the Illinois Supreme Court against Grand Prairie-based Six Flags Entertainment Corp. could have an impact on how businesses nationwide collect and keep that data.

The use of biometric identifiers like fingerprints or iris scans can lead to more accurate identification of customers or employees, businesses say, but legal experts say the ruling boils down to simple words of caution for companies—know the law.

The Illinois case was filed by Stacy Rosenbach, who claimed that Six Flags scanned and kept the fingerprint her then 14-year-old son gave when he picked up a season pass to the Six Flags Great America park in Gurnee, Illinois, during a group trip. The scan was part of a national policy that Six Flags instituted in 2014 as a security procedure for pass holders to enter and exit its parks.

The mother said she did not give Six Flags permission to collect and store her son’s fingerprints.

Six Flags argued that for her to be a “person aggrieved,” Rosenbach would need to demonstrate the collection of the biometric information resulted in some form of injury. Six Flags Entertainment is the parent company of Six Flags Over Texas, and it has not commented on the case.

“We do not comment on pending litigation,” Sharon Parker, communications manager for  Six Flags Over Texas/Hurricane Harbor, told Dallas Innovates via email.

No actual harm is required, court rules

In its ruling, the Illinois Supreme Court reversed an appeals court ruling that the violations alleged in the lawsuit over the state’s strict Biometric Information Privacy Act, passed by the Illinois Legislature in 2008, were just “technical” in nature and didn’t constitute harm under the statute.

The court said that procedural protections are important because biometric identifiers can’t be changed if compromised, and that the private right of action is the only available enforcement mechanism. No actual harm was required for a claim to made, the court said.

biometric

Matt Todd

“The violation, in itself, is sufficient to support the individual’s or customer’s statutory cause of action,” the court ruled. An article in the National Law Review posited that the ruling could open the floodgates to new class-action lawsuits in Illinois.

The ruling should put Texas businesses on alert, Polsinelli shareholder Matt Todd told Dallas Innovates.

“If you do business in Illinois, then you should be paying close attention to what is happening there,” he said, noting the Illinois statute and the Texas Biometric Privacy Law are two of the nation’s toughest.

“These two statutes are considered among the two most strict in the nation,” Todd said.

What is a biometric identifier?

In Texas, a “biometric identifier” is defined as a retina or iris scan, fingerprint, voiceprint, or a record of hand or face geometry, and that information can’t be captured for a commercial purpose unless the person is informed beforehand, and the business receives the person’s consent to capture it.

“If a Texas business is even thinking about collecting biometric information, they should become familiar with the statute,” Todd said.

“If a Texas business is even thinking about collecting biometric information, they should become familiar with the statute.”
Matt Todd

A major differences between the Illinois and Texas laws is who can file for legal action and that, in Texas, damages aren’t an issue.

In Illinois, the case was filed by the mother of young boy. In Texas, only the state’s attorney general can file an action, Todd said.

And unlike in Illinois where damages were an issue in the litigation, in Texas any violation is subject to a civil fine of up to $25,000 for each violation that goes to the state.

Texas’ statute—enacted in 2009—defines a time limit in which collected biometric data must be destroyed.

The business, “shall destroy the biometric identifier within a reasonable time, but not later that the first anniversary of the date the purpose for the collecting the identifier expires…,” the law requires.

If the identifier is collected in Texas for the purpose of employment, the law notes that purpose of collection is presumed to expire on the date that employment ends.

Todd said that data breaches have been a concern for the collection of biometric identifiers since the laws went into effect.

And, Todd noted, the Texas law does not apply to voiceprint data kept by financial institutions or their affiliates. That is covered under federal law.

Get on the list.
Dallas Innovates, every day.

Sign up to keep your eye on what’s new and next in Dallas-Fort Worth, every day.

One quick signup, and you’re done.
View previous emails.

R E A D   N E X T

  • Dr. Justin Lonon, vice chancellor of Dallas College, addresses the crowd at the recent Goldman Sachs 10,000 Small Businesses Dallas Graduation. [Photo: 10KSB]

    “There’s no one tougher and stronger than DFW small business owners," U.S. Representative Marc Veasey said at the event honoring the North Texas graduates. Here's the list of the 105 graduates and a rundown of the event. 10,000 Small Businesses also released insights from a recent research report. The survey says, among other findings, adaptation will be key to survival.

  • Lee Bratcher Texas Blockchain

    The inaugural October 8th Texas Blockchain Summit could be a watershed event for making Texas "the jurisdiction of choice" for Bitcoin and other digital currencies. Lee Bratcher, president of the Texas Blockchain Council, will host a wide array of speakers including Texas Senators John Cornyn and Ted Cruz and Wyoming Senator Cynthia Lummis.

  • BUiLT, nonprofit, Texas, North Texas, Dallas, Dallas-Fort Worth, DFW, Black talent, Black tech talent, Texas talent, North Texas talent, Dallas talent, Dallas-Fort Worth talent, DFW talent, talent attraction, Texas tech talent, North Texas tech talent, Dallas tech talent, Dallas-Fort Worth tech talent, DFW tech talent, Texas business, North Texas business, Dallas business, Dallas-Fort Worth business, DFW business, Texas nonprofit, North Texas nonprofit, Dallas nonprofit, Dallas-Fort Worth nonprofit, DFW nonprofit, symposium, symposia, non-profit, nonprofit, nonprofits, non-profits, cybersecurity, cyber security, north-texas, expo, vice president, Texas symposium, North Texas symposium, Dallas symposium, Dallas-Fort Worth symposium, DFW symposium,

    Nonprofit BUiLT is hosting the event to highlight the success and possibilities of Black tech talent in the region. “There is no talent pipeline problem,” says Peter Beasley, co-founder of the Blacks United in Leading Technology International. “Black tech talent is widely available, especially in North Texas.”

  • The NTXIA is a founding member of the new National Smart Coalitions Partnership, now one of the largest smart cities networks in the country. The organization unites more than 100 governments across seven regional smart cities consortiums. The goal? To accelerate sustainability and resilience in communities.

  • The U.S. Innovation and Competition Act, which passed in May, has the power to develop 20 tech hubs throughout the United States. According to Tech Titans' CEO Bill Sproull, Dallas-Fort Worth could be a strong contender for one of those spots.