Washington My Health My Data Act (HB 1155) Compliance Statement

Applicability

The Washington My Health My Data Act (MHMDA), effective March 31, 2024, for most entities and June 30, 2024, for small businesses, regulates the collection, sharing, and sale of consumer health data by entities conducting business in Washington or targeting Washington consumers.

Biometrica operates exclusively as a public safety technology provider, including for government agencies and public safety entities. Our systems do not collect, process, or sell consumer health data as defined under MHMDA. Therefore, Biometrica is not subject to MHMDA’s requirements.

About Biometrica

Biometrica is a public safety technology company focused on protecting people without mass surveillance and without accessing, transmitting, retaining, or storing biometric data, including but not limited to biometric templates and biometric identifiers. We therefore have no biometric gallery.

Our systems include:

  • UMbRA — A 100% law enforcement-sourced database containing charge/booking data, criminal records, warrants, sex offender data, probation/parole status, and non-searchable missing persons records used solely for public safety and investigative matching. Direct UMbRA access is only available to trained and credentialed law enforcement, quasi-law enforcement personnel, and mission-aligned partners operating in support of law enforcement for legally permissible purposes.
  • RTIS & RVIS — Real-time Threat and Victim Identification Systems designed to identify and locate specific law enforcement-verified threats or victims, or persons trespassed from a facility, in real time without retaining video, audio, or biometric data.
  • QAPLA — Face verification and similarity scoring tool available to credentialed law enforcement or approved users.
  • eMotive — Continuous, FCRA-compliant criminal background check solution requiring explicit employee consent.

Facial Recognition Technology — Privacy by Design

Biometrica is not a facial recognition company.

All biometric comparisons are conducted by an independent, third-party, NIST-evaluated and approved provider operating within a secure and strictly isolated black box environment.

Biometrica does not access, transmit, store, or retain:

  • Faceprints
  • Other biometric identifiers
  • Associated metadata from biometric comparisons

We have no biometric gallery.

Biometrica only receives numerical match IDs for human verification.

Biometrica staff do not:

  • Access search queries or results within UMbRA
  • Access match queries or results performed via QAPLA
  • Access employee background monitoring records via eMotive

Only Biometrica’s Rapid Action Center (RAC) can see and send out RTIS/RVIS alerts, and only after a human trained in facial identification has confirmed an algorithmic match and validated it for relevance.

Use of Location Data Under MHMDA

RTIS and RVIS may incorporate general location information strictly for:

  • Public safety
  • Criminal investigations
  • Missing persons recovery

Location data is:

  • Used solely for investigatory and security purposes.
  • Not used for tracking, profiling, or targeted advertising.

Compliance with the Washington My Health My Data Act (MHMDA)

Biometrica complies with MHMDA by:

  • Not collecting, processing, or selling consumer health data.
  • Ensuring that any incidental location data used is strictly for public safety purposes and not for health data inference.
  • Maintaining data minimization and privacy-by-design principles across all systems.

Data Subject Rights Under MHMDA

As Biometrica does not collect consumer health data, data subject rights under MHMDA, such as access, deletion, or withdrawal of consent, are not applicable.

Data Minimization and Privacy Safeguards

Biometrica enforces:

  • Data minimization: Only necessary data is collected and processed.
  • Purpose limitation: Processing is restricted solely to public safety and missing persons objectives.
  • No mass surveillance: No video footage or indiscriminate collection.
  • Relevance-based alerts: Only alerts relevant to an organization’s lawful mission and legally permissible use are generated.
  • Human-in-the-loop: Every actionable alert undergoes trained human verification.
  • Immutable audit trails: All actions are logged for auditing and compliance.

Potential Private Right of Action and Mitigation Measures

The Washington My Health My Data Act (HB 1155) permits a private right of action under the Washington Consumer Protection Act (RCW 19.86) for alleged violations involving consumer health data.

Biometrica mitigates this risk by:

  • Not collecting or processing consumer health data as defined by the Act.
  • Limiting all data processing to public safety or investigative use, in coordination with government or law enforcement agencies.
  • Not offering services to the general public, nor engaging in targeted advertising, consumer analytics, or health-related data inference.
  • Ensuring all location data, where used (e.g., in RTIS/RVIS deployments), is general, not precise, and is restricted to investigatory relevance only — never for marketing, health profiling, or geofencing.

Biometrica does not engage in trade or commerce involving consumer health data as defined under the law. Should a private individual seek to pursue an action under the CPA, Biometrica will assert its exemption and demonstrate the lawful, limited, and privacy-respecting scope of its operations.

Contact

For inquiries related to this compliance statement:

Email: privacy@biometrica.com

Version Control

Last Updated: March 2025

Next Scheduled Review: March 2026 or earlier if required.