Several states, including Illinois, Texas, Arkansas, and Washington, have enacted privacy laws governing various types of biometric information, such as fingerprint, retina, and facial scans. The risks associated with the inadvertent disclosure and misuse of this type of information can be significant. Unlike other types of protected information such as user names, credit card numbers, and passwords, biometric information cannot be cancelled or replaced.