The use of biometric technology is commonplace for both personal use and for nearly every business industry, including transportation, manufacturing, automotive, healthcare, education, and others. But laws are having a hard time keeping up and, to date, only three states have enacted stand-alone legislation specifically addressing commercial collection, storage, and use of biometric information, while very little has been presented at the federal level. It is more important now than ever for companies to become familiar with the risks of using biometrics as it pertains to identity theft and inherent bias. While Illinois, Texas, and Washington have enacted statutes addressing private entities’ practices with respect to biometric information, several other states recently amended their breach notification and data protection laws to include biometric data among the protected types of information. More statutes are expected to emerge in the years to come at both the state and federal levels, and businesses should become familiar with laws, such as Illinois’ Biometric Information Privacy Act (BIPA), Washington’s House Bill 1493 and Arizona’s Data-Breach Notification Law, among others.