Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Montana: Bill for facial recognition for government use signed by Governor and becomes law
Senate Bill 397 for the Facial Recognition for Government Use Act was signed into law, on June 29, 2023, by the Montana Governor. The Act regulates the use of facial recognition technology (FRT) by state, local government, and law enforcement agencies, and defines terms, including facial biometric data, facial identification, and verification, among others.
Requirements on public authorities
The Act establishes restrictions on the use of FRT, along with permitted uses, such as investigating serious crimes in certain circumstances. In addition, the Act stipulates requirements regarding notification when capturing the image of an individual, establishes rules for human review, and introduces auditing procedures to ensure that FRT is only used for legitimate law enforcement purposes.
Third-party vendors
A third-party vendor contracted by applicable agencies for the provision of a facial recognition service may not collect, capture, purchase, receive through trade, or otherwise obtain an individual's facial biometric data in the implementation of the service unless beforehand it:
- informs the individual or the individual's legally authorized representative in writing that facial biometric data is being collected or stored;
- informs the individual or the individual's legally authorized representative in writing of the specific purpose and length of term for which facial biometric data is being collected, stored, and used; and
- receives written consent from the individual or the individual's legally authorized representative authorizing the collection, storage, and use of the individual's facial biometric data.
In addition, third-party vendors are required to provide applicable agencies with a written privacy policy, as well as a policy regarding retention schedules and guidelines for permanently destroying facial biometric data. Furthermore, third-party vendors must establish a written information security policy creating appropriate administrative, technical, and physical controls to develop and govern the acceptable use of the third-party vendor's information technology.
Implementation
The Act will come into effect on its passage and approval and provides that a third-party vendor with an existing contract with certain state departments will be required to comply with the provisions of the Act by January 1, 2024.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
