Face recognition raises complex legal privacy compliance issues, especially in video surveillance and law enforcement. Europe's GDPR requires explicit and revocable consent to collect, retain or transfer biometric data, with limited and narrowly defined exceptions. In the US, while there is not (yet) a national privacy framework, end users and integrators must navigate a patchwork of state and municipal regulations, including (A) the Illinois Biometric Information Privacy Act (BIPA) and similar biometric data privacy laws in Texas and Washington, (B) the California Consumer Privacy Act (CCPA) and state privacy breach notification laws, (C) municipal bans in California and Massachusetts towns and (D) Washington's facial recognition law. Recent legislative initiatives have passed in Alabama, Virginia and Colorado that signal a shift toward responsible and balanced public policy on biometric technologies, and hint at a path forward across the nation.

In this session, we will explore the following:
(A) What are the requirements end users and integrators need to know about?
(B) What are potential penalties for non-compliance?
(C) What are best practices to comply with these requirements, especially in system and procedure design?
(D) What can the industry expect for future regulation?