Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Montana: Bill for facial recognition for government use signed by Governor and becomes law

Senate Bill 397 for the Facial Recognition for Government Use Act was signed into law, on June 29, 2023, by the Montana Governor. The Act regulates the use of facial recognition technology (FRT) by state, local government, and law enforcement agencies, and defines terms, including facial biometric data, facial identification, and verification, among others.

Requirements on public authorities

The Act establishes restrictions on the use of FRT, along with permitted uses, such as investigating serious crimes in certain circumstances. In addition, the Act stipulates requirements regarding notification when capturing the image of an individual, establishes rules for human review, and introduces auditing procedures to ensure that FRT is only used for legitimate law enforcement purposes.

Third-party vendors

A third-party vendor contracted by applicable agencies for the provision of a facial recognition service may not collect, capture, purchase, receive through trade, or otherwise obtain an individual's facial biometric data in the implementation of the service unless beforehand it:

  • informs the individual or the individual's legally authorized representative in writing that facial biometric data is being collected or stored;
  • informs the individual or the individual's legally authorized representative in writing of the specific purpose and length of term for which facial biometric data is being collected, stored, and used; and
  • receives written consent from the individual or the individual's legally authorized representative authorizing the collection, storage, and use of the individual's facial biometric data.

In addition, third-party vendors are required to provide applicable agencies with a written privacy policy, as well as a policy regarding retention schedules and guidelines for permanently destroying facial biometric data. Furthermore, third-party vendors must establish a written information security policy creating appropriate administrative, technical, and physical controls to develop and govern the acceptable use of the third-party vendor's information technology.

Implementation

The Act will come into effect on its passage and approval and provides that a third-party vendor with an existing contract with certain state departments will be required to comply with the provisions of the Act by January 1, 2024.

You can read the Act here and view its history here.