To embed, copy and paste the code into your website or blog: Companies that do business in New York or with New Yorkers could soon face an onslaught of biometric privacy-related litigation, courtesy of New York Assembly Bill 27, the Biometric Privacy Act (“BPA”). Currently pending before the legislature, the bill is modeled on Illinois’ Biometric Information Privacy Act (“BIPA”) and, like that law, would impose a set of rules businesses must follow when collecting biometric information. Critically, the BPA would create a private right of action for those “aggrieved” by violations of the law. The similar private right of action in Illinois’ BIPA has generated a tremendousvolume of consumer class-action litigation, including against some of the mostprominent companies in the country. The BIPA litigation in Illinois is driven in large part by the Illinois Supreme Court’s ruling that individuals do not have to suffer an actual, concrete injury in order to be “aggrieved” under the BIPA. While there is a split in authority—and standing in consumer class actions is an issue currently on the Supreme Court’s docket—some federal courts have also endorsed this view in the context of Article III standing, despite Supreme Court precedent to the contrary. A similar ruling regarding New York’s BPA would potentially lead to a similar flood of litigation, with individuals able to bring suit alleging only bare procedural violations of the statute. Businesses could face significant statutory liability, because the BPA includes provisions awarding statutory damages of $1,000 per negligent violation and $5,000 per intentional or reckless violation. Those statutory damages are a powerful incentive to bring suit even in the absence of any real-world harm.