b'New revenue stream:Sally operates a call center businessWhat Should I Do: making cold calls to cell phones.Though she is reviled theGood: Notify employees and maintain a written consent from world over, Sally does not care.Shes making money hand overemployees for any biometric information you retain for business fist.Given her personality and societal flexibility, she jumps atpurposesevenincludingphotographsofemployeesfor the chance to sell the biometric information she has collected onbadges.Destroybiometricinformationonnolessthanan employees through her biometric time clock. In a small blow forannual basis for all separated employees.cell phone users everywhere, the state sues Sally for $25 millionthe full violation amount for each of her 1000 employeesBetter:In addition to the above, implement security protocols for because it is against the law to sell biometric data retained fromthe retained data and ensure its security against theft or hack.employees.Sally files bankruptcy and goes out of business.Woohoo!(Side note, even sharing the data to improve theBest:In addition to the above, ensure that all vendor agreements software without compensation is a violation without consent.) for software in which the data will be maintained or external servers on which data will be hosted provide adequate security We dont have to comply:Jorge really, really tries to complymeasures.If there is a data breach, your employees will look to with the law and correspondingly is constantly trying to root outyou, not the vendor.employee violations of the law.He hires a biometrics company to set up facial recognition systems for employees to access certainareasandtoclockindaily.Havingreadaboutthe Texas biometrics law, he asks the vendor about its data security because he doesnt want any violations of the law.The vendor tells Jorge that it does not have to comply with the law because it does not retain information sufficient to tie the data it uses to the employee.Jorge feels better.Is he safe?Hmmm.Not sure.Because this is a new law, its not clear if that protection is enough.For that reason, Jorge should probably insist on strict security of the data and proof of the datas security.98'