Biometrics – A Potential Minefield?
Timekeeping in this day and age is not the timekeeping of old. Pretty much gone are the days of signing in and out or punching a clock with a punch card. Many companies have turned to the convenience of biometric clocks for timekeeping, however the unknowing employer could be walking into a mine field if it is not well-versed in the assorted laws that currently exist, or are pending, in various states.
Biometric clocks record an employee’s identity in any number of ways. The scans take information on employees’ physically unique characteristics and can include handprint, fingerprint, retina scans or even facial recognition. One tremendous benefit of this method of timekeeping is that it essentially eliminates timekeeping abuse by ensuring that the employee “punching” is truly that employee through unique identifiers. Employees can no longer sign in and out for each other when biometric scanners are utilized.
But what about those pesky state laws?
New York has no specific biometric data law; however, it’s had a law on its books for a very long time preventing employers generally from fingerprinting employees (unless otherwise required by law like certain healthcare employees) and from retaining those fingerprints. As such, a biometric fingerprint scan would not be lawful. Rather, a scan that takes data points of the finger, or hand, would be a better option for a New York employer. Since employers in New York cannot take adverse action against employees that choose not to participate in the program, it is always recommended that if an employee requests not to use the fingerprint data-point scan, that he or she be allowed to opt out and keep time in a different manner.
Illinois was out in front in this arena. Way back in 2008 that state instituted the Biometric Information Privacy Act. The Illinois law requires companies that collect and store biometric data and to obtain written consent to do so. It also requires that those companies maintain policies and post notices. The policies and notices must contain the employer’s purpose for collecting the data and the procedure for destroying it once those reasons are no longer applicable. There have been many class action lawsuits filed in Illinois as of late which seek to catch employers on these technical violations of the law.
In 2009 Texas followed Illinois’ lead and in 2017 Washington state became the third state to pass a biometric information statute. In Texas, biometric identifiers under the law include a retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry. Washington state has a broader definition of biometric indicators; however, unlike Illinois and Texas, it excludes hand or face geometry. And, like Illinois, both Texas and Washington require the employer to give notice to the employees before capturing any biometric identifier?and must obtain the employee’s consent to do so, although unlike Illinois, Texas and Washington do not dictate the content of the notice and consent. All three states require retention policies. There are some other differences in the laws, but these are the main requirements.
At the time of this writing, Alaska, Connecticut and New Hampshire all have proposed biometric data laws, and there is no federal law on the subject.
It is evident that these laws are becoming a national trend and the differences between the requirements make it clear that employers should always consult employment counsel or a qualified HR outsourcing/consulting firm before deciding to utilize a biometric timekeeping device.