IAPP CIPP/US Practice Exam

Category - Professional

Kronos was named a defendant in a class-action lawsuit due to the organization’s failure to obtain employees’ permission before scanning their fingerprints and sharing information with these employees about how the fingerprint scans were to be used. Which law did Kronos violate?
  1. New York “Shield Act”
  2. CCPA
  3. New York Digital Fairness Act
  4. BIPA
Explanation
Answer: D - In this instance, Kronos violated Illinois Biometric Information Protection Act (BIPA). Under this state law, no entity may collect, capture, procure, otherwise obtain or store biometric information without the data subject’s consent.

Organizations must provide written notice about the collection, storage, use, transfer and other inflation about the data collection tool/use purpose and process. Under BIPA, consumers (and employees) must provide written consent for the collection, use, storage and/or sharing of the biometric information.
Was this helpful? Upvote!
Login to contribute your own answer or details

Top questions

Related questions

Most popular on PracticeQuiz