In the most recent edition of the McLane Middleton Minutes podcast, I interviewed Mary Hildebrand, chair of Lowenstein Sandler’s privacy and cybersecurity practice group, about best practices for companies considering facial recognition software. In particular, we focused on the lessons from the Illinois Biometric Information Privacy Act and the Federal Trade Commission’s recent Everalbum settlement agreement. The key takeaways:

1. Due Diligence: Organizations should conduct careful due diligence, requesting testing results and assessments from developers confirming that the software is effective and vetted for bias;
2. Disclosures: Any organization implementing facial recognition software should disclose the fact that it uses the technology as well as how the organization uses the data collected and derived from the facial recognition software; and
3. Consent: Each individual subject to a facial scan must opt-in to the collection and processing of that data.

Listen to our conversation here.

Cameron Shilling

Cameron is the chair of the Cybersecurity and Privacy group at McLane Middleton. In his 20 plus years as a lawyer, Cameron has managed, litigated and resolved numerous commercial matters involving data security, technology, business, and employment issues in New Hampshire, Massachusetts, New England, and around the country. Data privacy is a focus of Cameron’s practice, including creating and implementing privacy policies, terms of use agreements, information use and social media policies, advising clients about workplace privacy, social media, and consumer privacy, and handling data privacy claims asserted against companies. 

Full Bio