SHB 1717

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

C 306 L 17

Synopsis as Enacted

Brief Description: Concerning state agency collection, use, and retention of biometric identifiers.

Sponsors: House Committee on Technology & Economic Development (originally sponsored by Representatives Smith, Morris, Harmsworth, DeBolt, Hudgins, Van Werven, Santos and Stanford).

House Committee on Technology & Economic Development

Senate Committee on State Government



The terms "biometric data," "biometric information," or "biometric identifier" variously refer to measurable biological or behavioral characteristics unique to an individual. Biometrics may be used for identification and authentication purposes, such as unlocking a device or authorizing a payment. They may also be used to gather personal characteristics for customizing services or information, such as in advertising.

There is no federal or Washington law that specifically regulates the collection or use of biometric data.

State Records Laws.

Under the Public Records Act (PRA), all state and local agencies must disclose public records upon request unless the records fall within a specific exemption, which may be within the PRA itself or as provided in another statute. The PRA applies to records "regardless of physical form or characteristics."

Agency record retention requirements are independent from record disclosure requirements. State and local agencies must keep and then dispose of records according to specific "schedules." The Office of the Secretary of State sets a general schedule for categories of records common to many agencies. Some agencies set additional schedules to apply to records more specific to that agency's functions.


An agency is prohibited from obtaining a biometric identifier without first:

An agency is prohibited from selling a biometric identifier.

An agency may only use a biometric identifier consistent with the terms of the notice and consent, and may only share the identifier under the following circumstances:

An agency that obtains biometric identifiers must:

Biometric identifiers may not be disclosed under the PRA.

Votes on Final Passage:








July 23, 2017