New biometric technologies can pick up on a unique cardiac signature from 200 meters away, even through clothes.

But what is a person's cardiac signature?  

Like the iris or fingerprint, our cardiac signature is unique, and cannot be altered or disguised by beards or masks.  More important, however, is that a person's cardiac signature can be taken from a distance.

New technology, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works though typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).  While it works at 200 meters (219 yards), longer distances could be possible with enhancements.

The existence and commercial exploitation of powerful biometric identification tools like Jetson presents yet another example where the technology is ahead of the law, and where private entities may need to more closely consider the broader implications via Data Ethics.  

Those considerations include, among others, informing individuals that cardiac signature information is being collected or stored; informing individuals about the purpose and length that this information will be retained; obtaining consent, where appropriate; and establishing and posting a policy on these issues. 

Laws like Illinois' Illinois Biometric Information Privacy Act (BIPA) generally restrict the collection, use, or other processing of "biometric identifiers" by entities (including employers), unless certain requirements are met.  But BIPA defines the term “biometric identifier” generally as “retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.”   

Notably, cardiac signatures are not included within BIPA, but that does not mean that privacy risks do not exist.