Massachusetts BIPA creates rules for private entities handling biometric data: notice, consent, retention limits, security, and restricted disclosure; with a private right to sue.