In the most recent edition of the McLane Middleton Minutes podcast, I interviewed Mary Hildebrand, chair of Lowenstein Sandler’s privacy and cybersecurity practice group, about best practices for companies considering facial recognition software. In particular, we focused on the lessons from the Illinois Biometric Information Privacy Act and the Federal Trade Commission’s recent Everalbum settlement agreement. The key takeaways:
- Due Diligence: Organizations should conduct careful due diligence, requesting testing results and assessments from developers confirming that the software is effective and vetted for bias;
- Disclosures: Any organization implementing facial recognition software should disclose the fact that it uses the technology as well as how the organization uses the data collected and derived from the facial recognition software; and
- Consent: Each individual subject to a facial scan must opt-in to the collection and processing of that data.
Listen to our conversation here.