Biometrics – Who’s Watching Who?
Accurately capturing an employee’s time on the job has been a challenge for most employers. In the early times, employers used to manually jot down arrival and departure times in a log. While antiquated, I recently had a client who did exactly that, claiming it was the easiest approach. That is, until the log book got lost and an overtime claim was made! Then companies moved to time clocks or key cards. Problem here was that another employee could easily swipe or punch in for another employee, thereby defeating the purpose of the timekeeping system. Computer passwords and systems that track when an employee logs into his or her computer were the next approach. Sounds great, unless someone knows the password and logs in to help out his or her buddy. We now approach a new frontier in employee tracking systems – Biometrics!
Basically, biometrics is a high-tech approach that captures either a fingerprint, palm print, iris scan or full facial recognition. Each of these characteristics are personal to an individual, thereby making it nearly impossible for anyone but the actual user with that unique identifying feature to scan in and out. Biometric data can be used to establish records of an employee’s time, to restrict access to certain areas, computer systems, data or devices, to provide security, and promote employee health through wellness programs. All of this technology however comes at a cost for unwary employers!
In 2008, Illinois passed the Biometric Information Privacy Act (“BIPA”), one of the most stringent laws in the country. BIPA was designed to provide protection against the unauthorized use or disclosure of biometric information. BIPA provides that a private entity (such as an employer) may not collect, capture, purchase, receive through trade, or otherwise obtain a person’s biometric information unless it: (1) informs the person in writing that biometric identifiers or information will be collected or stored; (2) informs the person in writing of the specific purpose and length of time for which the biometric identifiers or biometric information is being collected, stored and used; (3) receives a written release from the person for the collection of his or her biometric information; and (4) publishes publicly available written retention schedules and guidelines for permanently destroying biometric identifiers and biometric information. BIPA also permits individuals to sue for violations, and if successful, can recover liquidated damages of $1,000 or actual damages, whichever is greater, along with attorney’s fees and expert witness fees. The liquidated damages amount increases to $5,000 if the violation is intentional or reckless.
Let’s look at the ways an employer can get into trouble using biometrics:
- Failure to inform employees up front that biometric data will be collected. Consider the tale of Roundy’s, which is currently in the midst of a class action lawsuit in Illinois. Among the allegations made was that Roundy’s did not tell its potential employees about the use of biometrics up front and thereby coerced its employees into either accepting the use of the system or not having a job. Further it is claimed that Roundy’s did not get proper written approval or make the appropriate disclosure to its employees. The case is proceeding on a class basis, and the potential damages are in the millions.
- Sharing the biometric information with a third party. Data breaches are an employer’s worst nightmare. Even worse, if an employer should share the biometric information with a third party for marketing or other purposes, it opens up a whole new can of worms. Privacy concerns and violations of BIPA are just the tip of the ice burg. Consider LA Tan, which recently entered into a settlement agreement in Cook County costing it $1.5 million for sharing fingerprint data with an out of state third party vendor. Shutterfly also had to settle a suit based on alleged privacy violations related to facial recognition technology.
- The clash between religious accommodations and biometrics. Strange as it may sound, the EEOC was recently successful in bringing suit on behalf of an employee who claimed his sincerely held religious beliefs precluded scanning technology. According to the suit, the employee believed that the technology used which required employees to scan their hand to clock in and out signified the “Mark of The Beast” that appears on followers of the Antichrist in the Bible’s Book of Revelation and condemns them to eternal punishment. He held this belief even though the scanner did not leave any visible mark. He asked to use different time keeping systems so as not to violate his religious beliefs. When the company refused, he was terminated. A jury just awarded him $600,000! Employers who face religious accommodation requests in conjunction with biometrics are cautioned to look for alternative techniques that do not violate an employee’s religious beliefs.
The use of biometrics is no longer the stuff of science fiction. It is rapidly becoming the norm in the business world. Employers need to be aware of their rights and responsibilities under BIPA. Policies and procedures need to be examined, and if necessary, re-written (or written for the first time) to comply with the biometric frontier. Employees also need to be aware of their right to privacy as it relates to biometric identifiers or information. Employees should be provided a written consent forms prior to agreeing to the use of biometrics. Storage concerns are a major issue, as well as what happens to the data when the employee is no longer employed at a company sing biometrics.
With over 33 years’ experience in advising employers and employees on cutting edge employment law issues, let Boznos Law work with you to ensure you are ready to meet the challenges posed by the ever-changing employment law landscape. Call Bill Boznos today at (630) 375-1958 or contact us at www.boznoslawoffice.com/contact-us through our website at www.boznoslawoffice.com.