Assembly Bill 27 – or Biometric Privacy Act – proposed by a bipartisan group of New York State lawmakers, would impose significant compliance requirements for companies handling biometric data. New York would become only the second state with a private right of action that includes statutory damages against entities that improperly use or retain biometric data. Specifically, the BPA will regulate entities’ use and retention of “biometric identifiers” and “biometric information.” Certain requirements would apply to private entities that engage in the collection of biometric identifiers and biometric information and also would prohibit private entities from selling, leasing, trading or otherwise profiting from an individual’s biometric data. In addition, it would put strict restrictions on private entities’ ability to disclose such information without the individual’s consent. The regulation provides a private right of action for any individual “aggrieved” by a violation of the law and would allow such individual to recover damages of up to $1,000 for each negligent violation and $5,000 for each intentional or reckless violation, as well as attorneys’ fees and costs.