Procare Desktop Ledger Issues - Learn More

Biometric Information Privacy Act

  • Updated on Feb 25, 2026
  • Published on Feb 24, 2026
  • 2 minute(s) read
Prev Next

This information is applicable to businesses operating in Illinois.

Centers in Illinois using biometric technology for check-in/out must comply with the Biometric Information Privacy Act (BIPA).

What is the Biometric Information Privacy Act?

The Biometric Information Privacy Act regulates how businesses and organizations in Illinois use biometric information. BIPA recognizes biometric information as sensitive personal information and provides rules on how long it can be stored, what businesses must do before collecting it, and how it should be stored and retained.

Before diving deeper, it’s helpful to understand what is considered biometric data under BIPA. Biometric data includes fingerprints, thumb scans, and facial scans. Centers may use scanners to verify identities during check-in and check-out for a safe, secure process.

How Desktop uses BIPA

Centers using a recommended biometric finger ID pad use the system to verify identity during child check-in and check-out. The fingerprint scanner does not store an image of the fingerprint. Instead, the system converts scanned data points into a mathematical representation, which cannot be reverse-engineered into a fingerprint.

How Procare handles biometric data:

  • Biometric identifiers and templates are stored securely on encrypted systems.

  • Access is restricted to a limited number of authorized Procare personnel only.

  • Procare implements reasonable technical safeguards to protect biometric data from unauthorized access, disclosure, or misuse.

Data Retention and Deletion Requirements

BIPA requires the permanent deletion of biometric data when it is no longer needed.

Deletion occurs:

  • Within three (3) years of the individual’s last interaction with the center
    or

  • When the original purpose for collection has been satisfied
    (whichever happens first)

Centers must honor written requests from parents or authorized individuals to delete biometric data earlier, if requested.

Your Responsibilities under BIPA

Centers must get informed, written consent before collecting or using biometric data from parents, guardians, or any authorized pickup persons.

Here is a sample consent form that can be adapted.

Sample Consent Form Biometric Information Privacy Act.pdf

Your Rights under Illinois Law

  • Refuse to provide biometric data

  • Ask to use an alternative check-in/check-out option

  • Inquire about your stored biometric information

  • Revoke your consent at any time in writing

FAQ

How can a parent or authorized pick up request deletion of their biometric data?

Any requests for data deletion prior to three years of the last interaction with the center should be made in writing. Centers can then contact Procare Support to request the early deletion of the data. If a parent were to return to the center in the future, they could choose to grant permission for a new fingerprint to be collected for check-in/check-out and would need to provide written consent.

What steps are required before we can collect biometric data from individuals?

Centers must obtain written informed consent before collecting or using biometric data from parents, guardians, or any authorized pickup persons. See sample consent form that can be adapted.

Do I need to collect permission for the fingerprints I already have?

No. For future reference, written consent is required before collecting biometric data.

Procare Support Sites
Capabilities
ABOUT US
Resources
© Copyright 2025 Procare Software, LLC. All rights reserved. | 1125 17th St., Ste 1800, Denver, CO 80202 | (800) 338-3884
Procare Software is a registered ISO of PNC Bank, N.A., Pittsburgh, PA