WeVote

Bill

Bill

SD 1559

An Act relative to protecting biometric information under the security breach law

194th Legislature (2025-2026) Introduced by Mike Barrett

Massachusetts law expanded to require biometric data security standards and breach notifications, protecting fingerprints and facial recognition from exploitation after compromises.

House concurred
0
WeVote Research Nonpartisan
Bill Summary · SD 1559

Legislative bill overview

SD 1559 amends Massachusetts' data security breach law to extend protections specifically to biometric information. The bill requires entities that collect biometric data to implement security measures and notify individuals if their biometric data is compromised in a breach, similar to existing requirements for other personal information types.

Why is this important

Biometric data—such as fingerprints, facial recognition data, iris scans, and voice patterns—is increasingly collected by employers, financial institutions, and technology companies. Unlike passwords that can be changed, compromised biometric information cannot be replaced, making breach notification and security standards for this data particularly critical for consumer protection.

Potential points of contention

  • Definition scope: Disagreement may arise over what qualifies as "biometric information" and whether the law covers all collection types (employment, consumer apps, law enforcement databases)
  • Business compliance costs: Companies argue that implementing new security standards and notification procedures imposes significant operational and administrative expenses, particularly for smaller businesses
  • Notification thresholds: Debate over whether all breaches require notification or only those posing "reasonable risk" of misuse, and who determines that threshold

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.