Illinois Biometric Information Privacy Act (BIPA)
In effect since
Overview
Requires informed written consent before collecting biometric data including facial geometry, fingerprints, and voiceprints. Private right of action with statutory damages.
This is an AI-specific state law.
Who this applies to
This regulation applies to companies that use or deploy AI tools and systems built by other vendors. If your company uses AI-powered products in the areas listed below, this regulation may apply to you.
AI categories covered
- Employment and hiring
- Consumer-facing AI
Specific AI use cases:
- Video interview analysis
- Fraud detection
What this requires you to do
Consent required
Obtain consent. Get explicit permission from individuals before collecting or using their data with AI.
Transparency notice required
Provide transparency notices. Inform affected individuals that AI is being used and how it influences decisions.
Data retention limits
Follow data retention limits. Do not retain personal data collected by AI longer than necessary.
Record-keeping required
Maintain records. Keep documentation of your AI systems, decisions made, and compliance activities.
Enforcement and penalties
$1,000 per negligent violation, $5,000 per intentional violation. Private right of action. This is the highest litigation risk of any state AI or biometric law we track.
Source
Read the full text
https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57
Always verify current language and amendments at the official source.
Other Illinois regulations
Explore more rules in the same jurisdiction that may apply to your AI systems.
Want to know what else applies to your company?
Run a free XIRA scan to see all regulations that match your states and AI tools.