PDAT-02
Standard
Weight: 5

Biometric and Genetic Data Collection

Plain English Explanation

This question asks whether your software collects or creates any biological or behavioral data about people, such as fingerprints, face scans, DNA information, or even patterns in how someone types or moves their mouse. Think of it as asking whether you're collecting the digital equivalent of someone's physical characteristics or unique behaviors. This is some of the most sensitive data that exists.

Business Impact

Biometric data is subject to the strictest privacy laws globally, with violations resulting in massive fines and criminal liability in some jurisdictions. Illinois' Biometric Information Privacy Act (BIPA) has resulted in settlements exceeding $650 million for improper biometric handling. Most enterprises will immediately disqualify vendors handling biometrics without proper safeguards. However, proper biometric handling can enable high-security applications and premium pricing.

Common Pitfalls

Companies often don't realize that behavioral analytics (like typing patterns for fraud detection) counts as biometric data in many jurisdictions. Another mistake is implementing facial recognition for seemingly innocent features like photo tagging without understanding the legal implications. Many also fail to get explicit, written consent before collecting any biometric data.

Question Information

Category: Privacy Data Types
Question ID: PDAT-02
Version: 4.1.0
Importance: Standard
Weight: 5/10
