Answer: B - Under Illinois Biometric Information Privacy Act (BIPA) allows for a private right of action by Illinois citizens who face damages and harm for biometric data breaches when the customer never consented to the collection, use, and storage of their private information. In addition, if an organization, even an organization headquartered in another state, does not obtain consent from Illinois customers before collecting, using and/or storing biometric data, those customers can seek remedy under civil suits.
Washington state’s biometric privacy laws and Texas’s Capture or Use of Biometric Identifier Act (CUBI) do not generally allow for private rights of action. Under these state laws, enforcement of violations is typically left to the discretion of the respective states’ Attorney Generals. The AG’s Office may treat violations as per se unfair and deceptive trades and practices.
