As previewed in Mintz’s earlier post, New York City’s Biometric Identifier Information Law (the “NYC Law”) is now in force, effective Friday, July 9th. The NYC Law requires that places of entertainment, retail stores and food and drink establishments that collect biometric identifying information, including from customers and employees, post a “clear and conspicuous” notice to that effect near customer entrances. Further, the NYC Law prohibits the establishment from selling the information or exchanging it for value. Financial institutions are exempt from the signage requirement but not the prohibition on sale. Businesses who have CCTV’s are not required to post a notice, provided that: i) they do not analyze the footage to collect biometric identifying information, such as facial recognition; and ii) they do not share the footage except with law enforcement. Notably, the NYC Law provides a private right of action, but the potential plaintiff must give the business 30 days’ written notice before commencing an action for violation of the signage requirement, during which time the business may cure. There is no cure period for violations of the sale requirement.
The NYC Law also provides that the NYC Department of Consumer Affairs issue regulations regarding the signage, but as of Monday, July 12, the regulations have not yet been published. Since the NYC Law is in effect, covered businesses that collect the broad scope of “biometric information” should post some notice today.