1-Hour Program

See Credit Details Below


Data deletion is a feature of numerous data protections that apply to biometrics and other sensitive personal information.  The Illinois Biometric Information Privacy Act requires biometric information to be “permanently destroyed” when the initial purpose for which it was collected has been satisfied, or within three years of the individual’s last interaction with the entity that collected it, whichever occurs first.  The reasonable security requirements listed in the New York State SHIELD ACT include disposing of private information within a “reasonable amount of time after it is no longer needed for business purposes.”  Notably, in a recent settlement with a company alleged to have misrepresented its use of subscribers’ photos to train its facial recognition technologies, the Federal Trade Commission (FTC) ordered the company to delete the improperly obtained data and the algorithms that were trained on it.

Our speakers will discuss:

  • Deletion and destruction provisions in state data protection laws (10 minutes)
  • The allegations in the FTC’s complaint against Everalbum and the provisions of the January 2021 settlement agreement (20 minutes)
  • The implications of data deletion being used as an enforcement tool (15 minutes)
  • Takeaways for companies that train algorithms and models using datasets collected from consumers or purchased from other companies (15 minutes)



  • Gail Gottehrer, Law Office of Gail Gottehrer LLC
  • Ronald J. Hedges, Dentons US LLP
  • Shehzad Mirza, Global Cyber Alliance


Credit Details

You May Also Like