An Act Relating to the Collection and Use of Biometric Identifiers
Washington Biometric Identifiers
Data last verified: March 23, 2026
- Effective Date
- July 23, 2017
- Enforcement Date
- Not specified in statute
Summary
Washington RCW 19.375 requires notice and consent before enrolling biometric identifiers in a database for commercial purposes, prohibits sale/lease/disclosure without consent, and requires reasonable security safeguards. AG exclusive enforcement (RCW 19.375.030) under the Consumer Protection Act (RCW 19.86), up to $7,500 per violation. No private right of action. Exemptions: financial institutions (GLBA), HIPAA activities, law enforcement.
Who It Applies To
Not specified in statute
Penalties
- Penalty Range
- $0 – $7,500per violation
- Cure Period
- Not specified in statute
- Private Right of Action
- No private right of action
- Enforcement Body
- Washington Attorney General (exclusive under RCW 19.375.030)
- Notes
- Violation is an unfair or deceptive act under the Consumer Protection Act (RCW 19.86). AG exclusive enforcement per RCW 19.375.030 — no private right of action.
Requirements (3)
- ConsentRCW 19.375.020(1)
This law requires notice and consent before enrolling a biometric identifier in a database for a commercial purpose.
- Sharing RestrictionRCW 19.375.020(3)
This law prohibits the sale, lease, or other disclosure of a biometric identifier without consent.
- Record-KeepingRCW 19.375.020(4)(a)
This law requires reasonable care to guard against unauthorized access to biometric identifiers.
Claire tracks 31 state and local AI laws across 23 US states. No prescriptive federal AI compliance statutes have been enacted. EU AI Act and sector-specific regulations are not covered.
Check if this law applies to your business