Biometric authentication tools may still be something of a Catch-22 for companies and their legal departments, even despite the effort of vendors to create tools that minimize the risk of exposure. It doesn’t necessarily help the situation that biometric regulations such as Illinois’ Biometric Information Privacy Act continue to unfold on a state-by-state level that offers no guarantee of uniformity in perception or enforcement.

BIPA, for example, affords employees and consumers a private right of action and allows the recovery of $1,000 per violation plus attorneys’ fees. Still, vendors have been making an effort over the last few years to do appear to help companies avoid the risks that accompany biometric data. Fujitsu Laboratories, for instance, rolled out technology in 2015 that converts biometric data like palm veins into a cryptographic key made up of randomized numbers.