Equifax states it may collect biometric data such as fingerprints, voice recordings, and facial geometry to verify your identity when you contact the company online or by phone.
This analysis describes what Equifax's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data is among the most sensitive personal information because it cannot be changed if compromised. Several states have strict laws governing how companies may collect, store, and share biometric identifiers.
Interpretive note: The policy discloses biometric collection but does not specify whether state-specific consent mechanisms such as those required under Illinois BIPA are implemented, creating uncertainty about whether disclosed practices meet statutory requirements in all applicable jurisdictions.
If Equifax collects your biometric information for identity verification, that data could be retained and, depending on how the policy is applied, shared with service providers. Illinois, Texas, and Washington impose specific consent and retention requirements for biometric data that may affect how these terms apply to residents of those states.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Equifax has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Biometric information: Biometric information (such as fingerprints, voice recordings, facial geometry, iris or retina scans) that can be used to identify you. We may collect biometric information to verify your identity when you interact with us online or by phone.— Excerpt from Equifax's Equifax Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and the Washington My Health MY Data Act to the extent biometric data intersects with health-adjacent processing. Illinois BIPA requires written consent before collection, a publicly available retention schedule, and prohibits sale of biometric identifiers. The FTC also holds general authority over deceptive or unfair data practices under Section 5 of the FTC Act. Where the policy asserts collection and use of biometric data without specifying state-by-state consent mechanisms, tension exists with BIPA's requirements. GOVERNANCE EXPOSURE: High. BIPA has generated significant class action litigation with statutory damages of $1,000 to $5,000 per violation. The policy discloses biometric collection but does not specify whether separate written consent is obtained from Illinois residents as BIPA requires. This gap between policy disclosure and statutory consent requirements represents material litigation exposure. JURISDICTION FLAGS: Heightened exposure in Illinois (BIPA), Texas (CUBI), Washington, and California (CPRA designates biometric data as sensitive personal information requiring opt-in for certain uses). The policy does not specify jurisdiction-specific consent mechanisms, which may be insufficient to satisfy state biometric laws. CONTRACT AND VENDOR IMPLICATIONS: Any service provider that processes biometric data on Equifax's behalf must be assessed for BIPA-compliant data handling, including prohibition on sale and destruction schedules. Vendor agreements should include explicit biometric data handling obligations and indemnification clauses. COMPLIANCE CONSIDERATIONS: Legal teams should audit whether written consent is obtained from Illinois residents prior to biometric collection, confirm whether a biometric retention and destruction schedule has been published as required by BIPA, and assess whether voice recordings used for phone verification meet the statutory definition of biometric identifiers under applicable state laws. Data mapping should separately track biometric data flows distinct from other personal information categories.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data is among the most sensitive personal information because it cannot be changed if compromised. Several states have strict laws governing how companies may collect, store, and share biometric identifiers.
If Equifax collects your biometric information for identity verification, that data could be retained and, depending on how the policy is applied, shared with service providers. Illinois, Texas, and Washington impose specific consent and retention requirements for biometric data that may affect how these terms apply to residents of those states.
ConductAtlas has identified this type of provision across 18 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Equifax.