Efficient Biometrics

Biometrics Retention and Destruction Policy

Updated: Aug 1, 2025

Section 1. Introduction

BB Infotech Inc., operating as “Efficient Biometrics,” is a licensed fingerprint vendor based in Illinois. According to Section 1240.535(c)(8) of the Illinois Administrative Code, fingerprint vendors must establish a publicly available written policy outlining a retention schedule and procedures for permanently deleting biometric identifiers and information. The regulation states that biometric data must be destroyed once its original purpose has been fulfilled or after three years from the individual’s last interaction with the vendor, whichever comes first. Unless a court issues a valid warrant or subpoena, private entities handling biometric data must adhere to their retention and destruction policies. This document has been developed in compliance with the regulation to inform applicants about Efficient Biometrics’ processes for storing, handling, and disposing of biometric data. The policy will be reviewed and updated periodically.

Section 2. Retention Policy

2.1 Retention

Unless otherwise required by a customer contract or the FBI CJIS Security Policy, Efficient Biometrics retains fingerprint images and other biometric data for up to 60 days from the date of receipt, fingerprint capture, or card scan. If the original scan date is modified, retention is calculated from the “last modified” date. Exhibit A, which details exceptions to this 60-day retention period based on specific customer contracts, is available upon request and will be updated as needed.

In cases where fingerprint images must be retransmitted due to errors, the retention period restarts from the new “last modified” date. The 60-day timeframe ensures applicants do not need to be re-fingerprinted if their initial submission fails to process correctly. In extraordinary circumstances, such as war, natural disasters, or pandemics, retention periods may be extended.

If a new set of fingerprints is required due to an error, a new fingerprint transaction is created, and the retention period starts again from the updated capture date. For contracts that require retention beyond 60 days, Efficient Biometrics programs its system to comply with the specific agency’s requirements, ensuring digital records are stored accordingly. While some contractual obligations may appear to conflict with the state regulation, Efficient Biometrics interprets the regulation as allowing for extended retention when necessary to fulfill contractual obligations with government entities.

In the event of a merger or acquisition, the acquiring company will assume control of all biometric data. However, contractual agreements will mandate continued compliance with this policy.

2.2 Retention of Employee Records

Biometric data for Efficient Biometrics employees will be retained in accordance with the timeframes outlined in this policy.

Section 3. Permanent Destruction Policy

3.1 Electronic Records

Biometric data stored electronically is encrypted both in transit and at rest from the moment it is captured. Data stored on local servers or backup drives remains encrypted, and any offsite backups are securely stored in the cloud without third-party access. Before the retention period expires, a secure deletion process ensures biometric data is permanently removed from all storage locations, making it irretrievable.

3.2 Physical Records

Biometric data received in physical form, such as fingerprint cards, is converted into a digital format. The original documents are then stored for up to 30 days before being securely destroyed—either through shredding by Efficient Biometrics or disposal in locked bins, which are emptied by a third-party shredding service on a bi-monthly basis.

Section 4. Exceptions to the Policy

Efficient Biometrics will comply with this policy unless required by a court order, subpoena, or other applicable legal obligation.

Section 5. Roles and Responsibilities

The Director of Efficient Biometrics is responsible for overseeing the implementation and enforcement of this policy.

Section 6. Definitions

This policy references definitions outlined in the Illinois Biometric Information Privacy Act (740 ILCS 14/):
• Biometric Identifier: A fingerprint, retina scan, iris scan, voiceprint, or scan of hand or face geometry. Excluded are items explicitly defined as non-biometric by law.
• Biometric Information: Any data based on a biometric identifier that is used to identify an individual, regardless of how it is captured, stored, or shared. This does not include data derived from excluded items.
• Identifiers and Other Biometric Information: This term encompasses both biometric identifiers and biometric information.

Section 7. Questions and Copies

This Policy is available to the public at https://efficientbiometrics.com/compliance.php and is also provided upon request. Questions related to the Policy should be directed to:
Attn: Director
BB Infotech Inc.
682 S Route 59, Naperville IL 60540
e-Mail: info@efficientbiometrics.com