A good example of the complexity of privacy risk is related to biometric technology, which measures and analyzes an individual’s unique physical characteristics or behaviors for identification and authentication. The Biometric Information Privacy Act (BIPA), enacted by the state of Illinois, is among the most stringent biometric laws in the US, monitoring private entities’ collection, use, and handling of biometric data. Many other states have also introduced or enacted similar legislation governing the collection, use, and storage of biometric information.
As this technology evolves and is increasingly integrated into service delivery and business functions, regulations will continue to change, as will organizations’ exposures. Many insurers are beginning to notice an uptick in claims surrounding the use of biometric identifiers.
Underappreciated privacy breach costs
In recent years, privacy liability claims have increased, as have settlement values. Although many privacy-related lawsuits have yet to go to trial, the associated legal expenses, fees, and settlements have become more frequent, and incurring financial costs for organizations.
While ransomware events…
