Legislation
SECTION 106-B
Use of biometric identifying technology in schools
State Technology (STT) CHAPTER 57-A, ARTICLE 1
§ 106-b. Use of biometric identifying technology in schools. 1. As
used in this section:
a. "biometric identifying technology" shall mean any tool using an
automated or semi-automated process that assists in verifying a person's
identity based on a person's biometric information.
b. "biometric information" shall mean any measurable physical,
physiological or behavioral characteristics that are attributable to a
person, including but not limited to facial characteristics, fingerprint
characteristics, hand characteristics, eye characteristics, vocal
characteristics, and any other characteristics that can be used to
identify a person including, but are not limited to: fingerprints;
handprints; retina and iris patterns; DNA sequence; voice; gait; and
facial geometry.
c. "facial recognition" shall mean any tool using an automated or
semi-automated process that assists in uniquely identifying or verifying
a person by comparing and analyzing patterns based on the person's face.
2. a. Except as authorized in paragraph b of this subdivision, public
and nonpublic elementary and secondary schools, including charter
schools, shall be prohibited from purchasing or utilizing biometric
identifying technology for any purpose, including school security, until
July first, two thousand twenty-two or until the commissioner of
education authorizes such purchase or utilization as provided in
subdivision three of this section, whichever occurs later.
b. Schools may utilize biometric identifying technology for the
following purposes: (i) fingerprint identification of prospective school
employees where utilized for the purpose of compliance with a provision
of the education law or the regulations of the commissioner of education
or (ii) to exclusively identify employees that have consented in writing
to the use of such technology or in the case of employees represented
under article fourteen of the civil service law, where the employee
organization representing such employee has consented in writing to the
use of such technology.
3. a. The commissioner of education shall not authorize the purchase
or utilization of biometric identifying technology, including but not
limited to facial recognition technology, without the director first
issuing a report prepared in consultation with the state education
department, making recommendations as to the circumstances in which the
utilization of such technology is appropriate in public and nonpublic
elementary and secondary schools, including charter schools, and what
restrictions and guidelines should be enacted to protect individual
privacy, civil rights, and civil liberty interests. Such report shall be
made public and presented to the governor, the temporary president of
the senate, and the speaker of the assembly, and shall consider,
evaluate and present recommendations concerning:
i. the privacy implications of collecting, storing, and/or sharing
biometric information of students, teachers, school personnel and the
general public entering a school or school grounds;
ii. the potential impact of the use of biometric identifying
technology on student civil liberties and student civil rights,
including the risks and implications of the technology resulting in
false facial identifications, and whether the risks of false facial
identifications differs for different subgroups of individuals based on
race, national origin, gender, age and other factors, and any other
reasonable accuracy concerns with respect to technology;
iii. whether, and under what circumstances, such technology may be
used for school security and the effectiveness of such technology to
protect students and school personnel;
iv. whether, and under what circumstances and in what manner,
information collected may be used by schools and shared with students,
parents or guardians, outside agencies including law enforcement
agencies, individuals, litigants, the courts, and any other third
parties;
v. the length of time biometric information may be retained and
whether, and in what manner, such information may be required to be
permanently destroyed;
vi. the risk of an unauthorized breach of biometric information and
appropriate consequences therefor;
vii. expected maintenance costs resulting from the storage and use of
facial recognition images and other biometric information, including the
cost of appropriately securing sensitive data, performing required
updates to protect against an unauthorized breach of data, and potential
costs associated with an unauthorized breach of data;
viii. analysis of other schools and organizations, if any, that have
implemented facial recognition technology and other biometric
identifying technology programs;
ix. the appropriateness and potential implications of using any
existing databases, including but not limited to, local law enforcement
databases, as part of biometric identifying technology;
x. whether, and in what manner such biometric identifying technology
should be assessed and audited, including but not limited to, vendor
datasets, adherence to appropriate standards of algorithmic fairness,
accuracy, and other performance metrics, including with respect to
subgroups of persons based on race, national origin, gender, and age;
xi. whether, and in what manner, the use of such technology should be
disclosed by signs and the like in such schools, as well as communicated
to parents, guardians, students, and district residents; and
xii. existing legislation, including but not limited to section two-d
of the education law, that may be implicated by or in conflict with
biometric technology to ensure the maintenance of records related to the
use of such technology, protect the privacy interests of data subjects,
and avoid any breaches of data.
b. The director, in consultation with the commissioner of education,
shall consult with stakeholders and other interested parties when
preparing such report. The state education department, the division of
criminal justice services, law enforcement authorities and the state
university of New York and the city university of New York shall, to the
extent practicable, identify and provide representatives to the office
of information technology, at the request of the director, in order to
participate in the development and drafting of such report.
4. The director shall, via scheduled public hearings and other
outreach methods, seek feedback from teachers, school administrators,
parents, individuals with expertise in school safety and security, and
individuals with expertise in data privacy issues and student privacy
issues, and individuals with expertise in civil rights and civil
liberties prior to making such recommendations.
used in this section:
a. "biometric identifying technology" shall mean any tool using an
automated or semi-automated process that assists in verifying a person's
identity based on a person's biometric information.
b. "biometric information" shall mean any measurable physical,
physiological or behavioral characteristics that are attributable to a
person, including but not limited to facial characteristics, fingerprint
characteristics, hand characteristics, eye characteristics, vocal
characteristics, and any other characteristics that can be used to
identify a person including, but are not limited to: fingerprints;
handprints; retina and iris patterns; DNA sequence; voice; gait; and
facial geometry.
c. "facial recognition" shall mean any tool using an automated or
semi-automated process that assists in uniquely identifying or verifying
a person by comparing and analyzing patterns based on the person's face.
2. a. Except as authorized in paragraph b of this subdivision, public
and nonpublic elementary and secondary schools, including charter
schools, shall be prohibited from purchasing or utilizing biometric
identifying technology for any purpose, including school security, until
July first, two thousand twenty-two or until the commissioner of
education authorizes such purchase or utilization as provided in
subdivision three of this section, whichever occurs later.
b. Schools may utilize biometric identifying technology for the
following purposes: (i) fingerprint identification of prospective school
employees where utilized for the purpose of compliance with a provision
of the education law or the regulations of the commissioner of education
or (ii) to exclusively identify employees that have consented in writing
to the use of such technology or in the case of employees represented
under article fourteen of the civil service law, where the employee
organization representing such employee has consented in writing to the
use of such technology.
3. a. The commissioner of education shall not authorize the purchase
or utilization of biometric identifying technology, including but not
limited to facial recognition technology, without the director first
issuing a report prepared in consultation with the state education
department, making recommendations as to the circumstances in which the
utilization of such technology is appropriate in public and nonpublic
elementary and secondary schools, including charter schools, and what
restrictions and guidelines should be enacted to protect individual
privacy, civil rights, and civil liberty interests. Such report shall be
made public and presented to the governor, the temporary president of
the senate, and the speaker of the assembly, and shall consider,
evaluate and present recommendations concerning:
i. the privacy implications of collecting, storing, and/or sharing
biometric information of students, teachers, school personnel and the
general public entering a school or school grounds;
ii. the potential impact of the use of biometric identifying
technology on student civil liberties and student civil rights,
including the risks and implications of the technology resulting in
false facial identifications, and whether the risks of false facial
identifications differs for different subgroups of individuals based on
race, national origin, gender, age and other factors, and any other
reasonable accuracy concerns with respect to technology;
iii. whether, and under what circumstances, such technology may be
used for school security and the effectiveness of such technology to
protect students and school personnel;
iv. whether, and under what circumstances and in what manner,
information collected may be used by schools and shared with students,
parents or guardians, outside agencies including law enforcement
agencies, individuals, litigants, the courts, and any other third
parties;
v. the length of time biometric information may be retained and
whether, and in what manner, such information may be required to be
permanently destroyed;
vi. the risk of an unauthorized breach of biometric information and
appropriate consequences therefor;
vii. expected maintenance costs resulting from the storage and use of
facial recognition images and other biometric information, including the
cost of appropriately securing sensitive data, performing required
updates to protect against an unauthorized breach of data, and potential
costs associated with an unauthorized breach of data;
viii. analysis of other schools and organizations, if any, that have
implemented facial recognition technology and other biometric
identifying technology programs;
ix. the appropriateness and potential implications of using any
existing databases, including but not limited to, local law enforcement
databases, as part of biometric identifying technology;
x. whether, and in what manner such biometric identifying technology
should be assessed and audited, including but not limited to, vendor
datasets, adherence to appropriate standards of algorithmic fairness,
accuracy, and other performance metrics, including with respect to
subgroups of persons based on race, national origin, gender, and age;
xi. whether, and in what manner, the use of such technology should be
disclosed by signs and the like in such schools, as well as communicated
to parents, guardians, students, and district residents; and
xii. existing legislation, including but not limited to section two-d
of the education law, that may be implicated by or in conflict with
biometric technology to ensure the maintenance of records related to the
use of such technology, protect the privacy interests of data subjects,
and avoid any breaches of data.
b. The director, in consultation with the commissioner of education,
shall consult with stakeholders and other interested parties when
preparing such report. The state education department, the division of
criminal justice services, law enforcement authorities and the state
university of New York and the city university of New York shall, to the
extent practicable, identify and provide representatives to the office
of information technology, at the request of the director, in order to
participate in the development and drafting of such report.
4. The director shall, via scheduled public hearings and other
outreach methods, seek feedback from teachers, school administrators,
parents, individuals with expertise in school safety and security, and
individuals with expertise in data privacy issues and student privacy
issues, and individuals with expertise in civil rights and civil
liberties prior to making such recommendations.