Washington State will next month become the third US state to statutorily restrict the collection, storage and use of biometric data for commercial purposes.On July 23, a new biometrics law will come into force that aims to require that businesses ensure consent before it that collects and can attribute biometric data to a specific individual.Firms must also provide notice to and obtain consent from an individual before enrolling or changing the use of that individual's biometric identifiers in a database.However, critics have already said the wording of the law could lead to “confusion”.A blog post by business intelligence firm JD Supra complains that regarding collection, the new law states that a company may not “enroll a biometric identifier in a database for a commercial purpose” unless it: (1) provides notice, (2) obtains consent, or (3) “provid[es] a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose. “Confusingly, the law does not specify what type of “notice” is required, except that it must be “given through a procedure reasonably designed to be readily available to affected individuals,” and its adequacy will be “context-dependent.”””The new law also governs the storage of biometric identifiers. Any business holding biometric data 'must take reasonable care to guard against unauthorized access to and acquisition of biometric identifiers that are in the possession or control of the person.' JD Supra again states that here too the law fails to provide certainty, e.g., it sets no bright-line time limits on retention after customer relationships end, or how to apply these rules to ongoing but intermittent customer relationships.