Veriff
The future of veriff

Going above and beyond with data protection: Veriff and the Illinois Biometric Information Privacy Act

Veriff brings complete transparency to digital interactions, and has a deep commitment to protecting the privacy and the security of its customers’ and users’ biometric data and meeting the requirements of the Illinois Biometric Information Privacy Act (BIPA).

What is BIPA?

BIPA is an Illinois law that was enacted in October 2008. BIPA regulates the possession, collection, disclosure, and security of biometric identifiers and biometric information, which can include scans of face geometry. Companies that use Veriff’s services should be aware of the law and are required to have BIPA compliance measures in place.

Veriff makes that easy with built-in features as part of its standard offering, such as notice and consent screens in the Veriff software development kit (SDK) and web integrations. Veriff customers should contact their legal departments for details on how to use Veriff responsibly and comply with BIPA obligations.

What are BIPA’s main requirements?

BIPA imposes obligations on companies that collect or possess biometric data. These include:

  • Developing a publicly available retention schedule
  • Requiring companies to provide notice and to obtain a written release prior to collection
  • Prohibiting companies from selling, leasing or trading biometric identifiers and biometric information
  • Prohibiting, in most cases, the disclosure of biometric identifiers and biometric information without consent
  • Requiring companies to protect biometric data using reasonable security measures
  • Limiting how long a company may retain biometric data.
How Veriff complies with BIPA?
  • For those customers that use Veriff’s SDK and web integration, we conspicuously notify consumers that Veriff’s identity verification services may involve the collection of biometric data. We also require consumers to consent to that collection from the outset of the identity verification process*
  • Providing explicit disclosures regarding Veriff’s collection, use, and retention of biometric data in the Veriff Privacy Policy
  • Never selling, leasing, or trading biometric identifiers or biometric information
  • Protecting all the data we collect, or that may be collected on our behalf, with appropriate security measures
  • Strictly complying with BIPA’s retention and deletion schedule requirements.

* All customers that use Veriff are independently responsible for complying with BIPA. This includes, for customers that use the Veriff API and “white-label” solutions , providing all necessary disclosures and obtaining all required consents.

Learn more

For more insight into Veriff’s commitment to security and compliance, explore our Trust Centre.