CONSENT FOR ID.ME TO COLLECT BIOMETRIC DATA

Find it. Solve it.
Post Reply
thaterrormessage
Site Admin
Posts: 7238
Joined: Tue Jul 14, 2020 3:21 pm

CONSENT FOR ID.ME TO COLLECT BIOMETRIC DATA

Post by thaterrormessage »

BIOMETRIC INFORMATION PRIVACY STATEMENT
ID.me will not sell, rent, or trade your Biometric Information, and after verification you may request we delete your Biometric Information. Your Biometric Information will only be used by ID.me to verify your identity in accordance with the guidelines published by the National Institute for Standards and Technology or as required for the prevention of fraud. ID.me will transfer your Biometric Information to our third party partners only when required by a subpoena, warrant, or other court ordered legal action.

BIOMETRIC INFORMATION PRIVACY POLICY
This Biometric Information Privacy Policy describes how ID.me collects and uses certain Biometric Information, including facial geometry, in connection with the Services we provide.

Please carefully review this Biometric Information Privacy Policy prior to consenting to our collection and use of your Biometric Information. Please note that once consent has been provided for the collection and processing of Biometric Information as part of your verification it may not be revoked where it is required to complete the transaction for which it was collected, or to complete the verification Services.

Additionally, by consenting to the collection and use of your Biometric Information you acknowledge that you have been provided with, and agree to be bound by, the ID.me Terms of Service and the ID.me Privacy Policy.

1. What is Biometric Information?
Biometric Information is a form of Personal Information related to biometric characteristics which may be used to identify you. Common examples include fingerprints, voiceprints, scans of a hand, facial geometry recognition, and iris or retina recognition. As used in this policy, Biometric Information includes any “biometric identifiers” or “biometric information” as defined under applicable law.

2. What Biometric Information Do We Collect?
The information we collect will vary depending on the specific type of Services you request. Many ID.me Services do not require Biometric Information, however certain Services – those requiring a NIST 800-63A IAL2 credential, such as the Internal Revenue Service (IRS), Office of Veterans Affairs (VA), or certain state unemployment or labor departments - may require a higher level of assurance for your identity verification. When you sign up for an applicable ID.me Service we may collect the following Biometric Information:

Facial Biometrics: Our Service may require you to upload an image of your government issued or other identification document(s) as well as your photographic image or "selfie" photograph using your mobile or other device. We use these images to create a facial geometry or faceprint which we use for purposes of identity verification and to prevent the creation of multiple accounts in a fraudulent manner.

3. How Do We Use Your Biometric Information?
We use your Biometric Information only as follows:

To verify your identity when you are opening an account or using our Services;

To authenticate use of your account and the Services for a transaction;

To prevent fraudulent uses of ID.me’s Services or the creation of multiple accounts; and

To comply with legal obligations or comply with a request from law enforcement or government entities where not prohibited by law.

4. Do We Share or Disclose Your Biometric Information?
ID.me will only share your Biometric Information with our partners in the following circumstances:

As required with other third parties where permitted by law to enforce our Terms of Service, to comply with legal obligations, or to cooperate with law enforcement agencies concerning conduct or activity that we reasonably believe may violate federal, state, or local law when required by a subpoena, warrant, or other court ordered legal action, and to prevent harm, loss or injury to others.

To third party service providers that perform functions on our behalf. These service providers are limited to using the Biometric Information to assist in our provision of Services, and must maintain any Biometric Information we share in a secure fashion.

5. Do We Sell Your Biometric Information?
ID.me will not sell, rent, or trade your Biometric Information. Your Biometric Information will only be used by ID.me to verify your identity in accordance with the guidelines published by the National Institute for Standards and Technology or as required for the prevention of fraud. In fulfilling our Services to you, ID.me will transfer your Biometric Information to our third party partners only when required by a subpoena, warrant, or other court ordered legal action.

6. How Long Does ID.me Retain My Biometric Information?
ID.me may retain your Biometric Information for up to thirty-six months. ID.me collects and processes your Biometric Information in order to verify your identity and help prevent fraud. Biometric Information is retained in line with ID.me’s obligations to our partners, with the specific retention periods determined by the first partner with whom a user first verifies their identity (e.g., IRS, Dept. of Veterans Affairs, a state workforce agency, etc.) Certain partners may require this information to be purged within twenty-four (24) hours following a successful verification, other partners may require a longer retention period, but under no circumstances will ID.me retain this information for longer than thirty-six (36) months absent a subpoena, warrant, or other legally compelling justification.

For ID.me members who are residents of Illinois, in accordance with Illinois state law ID.me will retain Biometric Information only until the occurrence of the first of the following:(a) The initial purpose for collecting or obtaining such Biometric Information has been satisfied; or (b) Three (3) years following your last interaction with ID.me.

7. Can I Request that ID.me Delete My Biometric Information?
Yes, you may direct ID.me to delete your Biometric Information. After successfully verifying your identity, you may request that ID.me delete your Biometric Information. You may request the deletion of both the selfie image and Biometric Information submitted during your verification by submitting a request through the ID.me “Privacy Rights Center” which is accessible via a link at the bottom of our Website, or under the “Privacy” setting in your account. Deletion of the selfie image and associated Biometric Information may take up to seven (7) days and will not impact the validity of your credential or verified status. ID.me reserves the right to retain this information as needed to comply with our legal obligations, including warrants, subpoenas or other court orders, or to help prevent fraud.

Pursuant to the California Consumer Privacy Act of 2018 (CCPA), residents of California are entitled to additional rights and disclosures regarding their Personal information, including Biometric Information. Please see our Notice to California Residents for additional details regarding these disclosures and how to exercise your rights.

8. Can I refuse to provide My Biometric Information?
Yes, you may refuse to consent for the collection of your Biometric Information. Please note that if you refuse to consent to the collection and processing of your Biometric Information then we may not be able to verify you at the required level of assurance for use of all of our Services.

Alternate pathways to verification may be available. ID.me provides an alternate pathway for individuals to verify their identity. Instead of providing consent for the collection and use of your Biometric Information, you may be presented with the option to speak with one of our Trusted Referees on a recorded video. This alternate method of verification satisfies the NIST 800-63A IAL2 requirements, however this Service is not available for use with all partners.

9. What Kind of Storage and Security Do You Use With My Biometric Information?
We are committed to protecting your information. We have adopted technical, administrative, and physical security procedures to help protect your information from loss, misuse, unauthorized access, and alteration. Please note that no data transmission or storage can be guaranteed to be 100% secure.

We employ appropriate security safeguards. To safeguard certain sensitive information (such as Biometric Information and government-issued identification information), we implement security measures such as encryption, firewalls, and intrusion detection and prevention systems.

10. Changes
This Biometric Information Privacy Policy may be periodically updated. From time-to-time we may update this policy to reflect new features or changes in our Personal Information practices or our Services. We will post a notice for users at the top of this Privacy Policy addressing any significant changes.
*IS THIS ERROR HAPPENING NOW? Reply in real-time below.* Hold software providers accountable - we rely on the community to acknowledge the same errors and their workarounds/fixes. Register to search and full board access.
Post Reply