Data Privacy and Biometrics
Technology is of growing importance to the industry. Clubs are experimenting with new technologies for use with members and employees—fingerprints for timecards, sensors for member check-ins, replacing membership cards with facial recognition systems, monitoring group ex attendance and more. At the same time, governments around the world, and an increasing number of states are proposing laws that regulate business’ use of data in their efforts to increase privacy protections and provide greater control over consumer data.

To shape this coming legislative wave, IHRSA needs to understand what technologies clubs are using, how clubs are using them, and the concerns or pain points facing the industry.

Please take this survey.

Name *
Email *
Your Business Type
Are you an IHRSA Member?
What state is your business located in? *
The answers to this survey will remain confidential.
What data are you collecting? (Select all that apply) *
If "Other" was chosen, please describe.
How do you store and manage the data you collect? *
If "Combination" was chosen, please describe.
There is a shift underway in how personal data is viewed by the public and treated by lawmakers.
It is IHRSA’s belief that we will increasingly see ownership and decision-making over personal data placed in the hands of the individuals themselves. Below is a list of broad data privacy principles we expect to see emerge around how businesses are required to handle data.
Please rank the principals from what would be very restrictive to not a problem to your business' growth. *
Very Restrictive
Somewhat Restrictive
Not a Problem
Must give notice that you are collecting a person’s data
Must get consent from the person to collect their data
Must disclose what you are using the person’s data for
Must have a schedule for how long the data is kept before being destroyed
Must share data with other parties if asked to by the person
Must permanently delete the data if asked by the person
Must be able to provide certification or proof of the destruction
Biometric data is another area of focus for lawmakers.
Biometric information is any information captured, converted, or stored based on an individual’s biometric identifier. Biometric identifiers are biological characteristics that are unique to each individual (e.g., fingerprints, retina scans, facial scans, and iris scans).
Is your club using or considering using biometric information? *
How are you collecting the information? (Select all that apply) *
If "Other" was chosen, please describe.
How are you using the information? *
A New York State biometric proposal would require a private entity collecting biometric information to:
• Inform a person in writing that their biometric information is being collected
• Explain the purpose & length of time for which the information will be used
• Receive written consent
• Not sell the information
Which of these potential restrictions on the collection and use of this information are most concerning? *
This New York proposal would also create a private right of action for $1,000 per offense or actual damages, whichever is greater. This would potentially open the door to class action lawsuits, as has happened in Illinois.
If your state were to pass a biometric law, assuming defeating the bill is not possible, what could you live with? Please rank the following based on the level of concern it creates for your business - very concerned (big problem) to not at all concerning (no impact to business). *
Not At All Concerning
Mildly Concerning
Very Concerning
Make it apply to consumers only, not employees
No written consent required
No written disclosure required
No explanation of purpose and length of use
No restrictions on the ability to sell information to third parties
Seek to exempt biometric information that is converted into a mathematical representation
Eliminate the private right of action
Require actual harm (e.g. identity theft) in order for someone to recover damages
Remove statutory damages and only allow for actual damages
Shorten the statute of limitations for suing
Never submit passwords through Google Forms.
This form was created inside of IHRSA. - Terms of Service