Take-Away: Biometric information is now used in many different ways these days. How it is used, and protected, is something we need to be concerned about, both while the individual is alive, and when and how it can be used after the individual’s death.

Background: When I opened my tablet this morning, twice I had to engage in the facial scan recognition to open the tablet. It dawned on me that facial scans and fingerprints have now become the primary method to unlock tablets, phones, computers, and apps for these devices. It used to be that only in James Bond films that retina or face scans were used to enter top secret departments or access classified information. Now, these sophisticated forms of access are a part of our daily lives used to open our iPhones about 20 times a day.In some respects these biometric ‘locks’ are a Godsend for old people like me who cannot remember multiple passwords required to daily survive in this digital age. Bringing biometrics into our lives is clearly more convenient and secure than relying on multiple alphanumeric passwords. However, along with the simplification and convenience of biometrics comes the difficulty faced by fiduciaries to unlock devices that require biometric access that contain critically important information, or the risk that digitally stored biometric data is stolen, which would compromise that individual forever.

Biometric Information: Biometric information is any information, regardless of how it is captured, converted, stored, or shared, that is based on an individual’s biometric identifier used to identify that individual. A biometric identifier is a unique biological trait that may identify an individual such as a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. The use of biometrics helps to prevent cyberattacks since the unique biometric identifiers are difficult to hack and, for guys like me, impossible to forget. In short, biometric identifiers have become the ‘gatekeepers to our digital lives’ since they presumably cannot be changed, stolen, or compromised.

Storage: With the increase in use of biometrics, we need to be increasingly aware of biometric information because of the issues that surround its use. Biometric information can be digitally stored while the individual is alive. In that case, the individual should know who is storing the information, what security protocols are used to safeguard that biometric data from a security breach, and what the storing custodian may or may not do with the stored information if the custodian goes out of business. The individual should be cautious in turning over his/her biometric information out of convenience without thinking through the consequences of its inadequate or improper storage.

Estate Administration Concerns: Consider the reality that many cryptocurrency custodians now use biometrics for their security protocols. These custodians require verification of the individual’s biometric identifier to access their cryptocurrency account. If the account owner dies, how does the fiduciary access the cryptocurrency account, or engage in transactions regarding that account?

Digital Asset Act: Digitally stored biometric information should fall within the definition of a digital asset under the Revised Uniform Fiduciary Access to Digital Asset Act. If that is the case, then as part of an estate plan the individual should consider whether biometric information can be transferred during their lifetime or at their death, and who may access that information, and how that biometric information is transferred. If a Will or Trust refers to digital assets, then probably the definition of digital assets should expressly include stored individual biometric data. 

Estate Planning Information: When working with an individual we should ask them about who should and could have access to digitally stored biometric information, while they are alive and after their death, how that biometric information can be safeguarded, and whether that information should be destroyed after their death to avoid its misuse. If assets, like cryptocurrency accounts are protected by biometrics, we need to know how will the estate fiduciary will access that protected information once the individual has died?

Privacy Concerns: Some states have adopted biometric privacy laws, but no federal biometric privacy law has yet to be adopted. Illinois has what is viewed to be the most effective statute, the Illinois Biometric Information Privacy Act of 2008, that provides a specific right of action when an individual’s biometric information is improperly collected, captured, or purchased, or if that information is improperly disclosed, redisclosed, or disseminated. Fiduciaries may be required to bring actions after the decedent’s death in order to protect improperly disseminated biometric data.

Conclusion: We live in an era of digital evolution, or perhaps,  ‘revolution.’ With the increasing use of biometric information, we can enjoy the convenience that is provides, enabling guys like me to no longer carry around in my wallet all the passwords that I used to have to remember (but couldn’t) yet it also brings new questions and concerns about protecting that most personal information.