SF 4351
Introduction - 94th Legislature (2025 - 2026)
Posted on 03/12/2026 09:44 a.m.
1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16 2.17 2.18 2.19
A bill for an act
relating to biometric data; requiring consent for collection; prohibiting sale;
requiring deletion; imposing civil penalties; proposing coding for new law in
Minnesota Statutes, chapter 325M.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
Section 1.
new text begin
[325M.40] BIOMETRIC DATA; CONSENT; SAFEGUARDS.
new text end
new text begin Subdivision 1. new text end
new text begin Biometric data defined. new text end
new text begin
For purposes of this section, "biometric data"
means an image, description, or recording of a face, facial features, a retina, an iris, a
fingerprint, a voiceprint, hand geometry, or face geometry that may be used, singly or in
combination with each other or other information, to identify an individual.
new text end
new text begin Subd. 2. new text end
new text begin Consent required. new text end
new text begin
A person is prohibited from collecting biometric data from
an individual unless the person receives the individual's consent to collect the biometric
data before the collection occurs.
new text end
new text begin Subd. 3. new text end
new text begin Prohibitions; safeguards; retention. new text end
new text begin
A person who obtains biometric data:
new text end
new text begin
(1) must not sell, lease, or otherwise disclose the biometric data to another person unless:
new text end
new text begin
(i) the individual consents to the disclosure for identification purposes in the event of
the individual's disappearance or death;
new text end
new text begin
(ii) the disclosure completes a financial transaction that the individual requested or
authorized;
new text end
new text begin
(iii) the disclosure is required or permitted by a federal or state law; or
new text end
new text begin
(iv) the disclosure is made by or to a law enforcement agency for a law enforcement
purpose in response to a warrant;
new text end
new text begin
(2) must store, transmit, and protect from disclosure the biometric data using reasonable
care and in a manner that is at least as or more protective than the manner in which the
person stores, transmits, and protects other confidential information the person possesses;
and
new text end
new text begin
(3) must delete and destroy the biometric data within a reasonable time, but no later than
one year from the date the purpose for collecting the data expires, unless the data is
maintained pursuant to a federal or state law that requires a longer retention period, in which
case the biometric data must be destroyed within a reasonable time frame but no later than
one year from the date that the state or federal law retention period expires. If an employer
collects an employee's biometric data for security purposes, the purpose for collecting the
data expires upon termination of the employment relationship.
new text end
new text begin Subd. 4. new text end
new text begin Enforcement. new text end
new text begin
A person who violates this section is subject to a civil penalty
of not more than $25,000 for each violation. The attorney general may bring an action to
recover the civil penalty.
new text end
new text begin Subd. 5. new text end
new text begin Exemptions. new text end
new text begin
This section does not apply to voiceprint data retained by a
financial institution or an affiliate of a financial institution, as those terms are defined by
United States Code, title 15, section 6809.
new text end