(1) A state or local government agency may use, or contract with a third-party vendor for the use of, facial verification if the state or local government agency first provides a written use and privacy policy regarding facial recognition technology. The written policy must include, at a minimum:
- (a) the specific purpose for facial verification by the state or local government agency;
- (b) the length of term for which facial biometric data is being collected or stored; and
- (c) notice that facial biometric data may not be collected on an individual without prior written consent by the individual.
- (2) The state or local government agency must include an option for access to services without the use of facial verification.
- (3) A third-party vendor who is contracted with a state or local government agency shall provide a copy of its written policies in accordance with 44-15-109 for use with the notice requirement outlined in subsection (1).
- (4) A state or local government agency shall report the use of facial recognition technology pursuant to subsection (1) to the information technology board created in 2-15-1021.
- (5) This part does not apply to a state or local government agency that uses facial verification in association with a federal agency to verify the identity of individuals presenting themselves for travel at an airport or other port.
History: En. Sec. 8, Ch. 781, L. 2023.