Capture or Use of Biometric Identifiers Act (CUBI)

The Texas Capture or Use of Biometric Indentifiers Act ("CUBI") aims to regulate the collection, use, safeguarding, handling, storage, retention, and destruction of "Biometric Identifiers". If your organization operates in Texas or you have employees in Texas, you need to comply with CUBI. You can read the full text of CUBI in the Texas Business & Commerce Code 503.001.

Noah Facial Recognition Pty Ltd ("NoahFace") is committed to privacy and provides you with extensive capabilities in the NoahFace App and Dashboard (collectively the "NoahFace Service") to help you comply with CUBI. However, it is important to note that if your organization uses of the NoahFace Service you cannot rely on the capabilities of the NoahFace Service alone. You must ensure you configure and use the NoahFace Service appropriately to comply with CUBI and that you comply with the non-system requirements of CUBI. For example, you should ensure your premises and devices are physically secured. Given the importance of privacy, you should obtain your own professional legal advice to ensure you are fully compliant.

The sections below detail the requirements of CUBI and explain how NoahFace provides you with capabilities in the NoahFace Service to help you comply with each of them.

Collection and Consent

Requirements

CUBI requires that: "A person may not capture a biometric identifier of an individual for a commercial purpose unless the person:

  1. Informs the individual before capturing the biometric identifier; and
  2. Receives the individual's consent to capture the biometric identifier."

Compliance

The NoahFace Service displays a written privacy statement which informs individuals that biometric data will be collected (before it is collected), the specific usage of the biometric data, and when the biometric data will be destroyed.

If the privacy statement is accepted, the NoahFace Service will capture the individual's photo and extract their biometric data. If the privacy statement is not accepted, the individual can still use the NoahFace Service by manually identifying themselves using non-biometric methods (eg: passcodes).

The date and time each individual accepts the privacy statement is recorded and can be viewed through the NoahFace Service.

NoahFace App screen shot showing privacy consent.

Retention and Destruction

Requirements

CUBI requires that: "A person who possesses a biometric identifier of an individual that is captured for a commercial purpose ... shall destroy the biometric identifier within a reasonable time, but not later than the first anniversary of the date the purpose for collecting the identifier expires".

Compliance

The NoahFace Service will automatically destroy an individual's biometric data whenever either:

No Commercial Use or Disclosure

Requirements

CUBI requires that: "A person who possesses a biometric identifier of an individual that is captured for a commercial purpose ... may not sell, lease, or otherwise disclose the biometric identifier to another person unless:

Compliance

NoahFace does NOT sell, lease, or otherwise disclose biometric data.

Data Protection

Requirements

CUBI requires that: "A person who possesses a biometric identifier of an individual that is captured for a commercial purpose ... shall store, transmit, and protect from disclosure the biometric identifier using reasonable care and in a manner that is the same as or more protective than the manner in which the person stores, transmits, and protects any other confidential information the person possesses".

Compliance

NoahFace has designed data protection into the core of the NoahFace Service. In particular:

Privacy
Legal
Terms of Use
Contact Us
© NoahFace 2018
.