- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
By: William E. Collins, Jr.
The recent spike in claims against employers involving employee biometric data is a reminder that employers across the country should use caution before implementing technology utilizing employee biometric information.
How and Why Employers Use Biometric Technology
Employers are increasingly turning to technology utilizing biometric verification to ensure accurate time records and increase security. Biometric verification uses one or more unique identifiers from a person to verify their identity. These biometric identifiers include the use of fingerprints, finger geometry, and hand, face, or body scans. Employers use this technology to ensure accurate time records and increase security. Biometric verification combats “buddy punching”—where co-workers clock in or out for a fellow employee—and inaccurate time records because it requires the employee to be present in the workplace when the entry is made. By requiring the employee be physically present, the employer increases accuracy, security, and can restrict employee access to specified areas in the workplace. While this technology certainly has its advantages, it is not without risks to employers.
Flurry of Cases in Illinois
Since September of 2017, there have been more than 25 new lawsuits in Illinois State Court that allege violations of the Illinois Biometric Information Privacy (“BIPA”), which requires employers provide employees notice, obtain their consent, and clearly outline retention policies if using biometric identifiers.
Hyatt, Roundy’s, Zayo Group, Speedway, and Kimpton’s Hotels are a few targets of the most recent BIPA lawsuits. These companies allegedly violated BIPA where they required employees provide a fingerprint or finger geometry to clock in and clock out or to access company facilities without obtaining employee approval or outlining the scope and duration of use of the employee’s information.
The law imposes steep penalties for even unsuspecting employers where the liquidated damage provision of the statute is $1,000 per occurrence if the employer is merely negligent. And when the acts are willful or reckless, the damage is $5,000 per act. As you can imagine, this represents significant liability for employers and that potential liability quickly escalates when faced with the prospect of class action litigation. It was recently estimated that one company embroiled in one of the Illinois biometric fights faces the prospect of damages reaching $10 million.
Statutes Across the Country
While Illinois is the only state with a private right of action, several states place restrictions on an employer’s use of certain biometric information. For example, similar to Illinois, both Texas and Washington require that employers provide notice and obtain consent from employees prior to capturing biometric identifiers. In other states, certain actions involving biometric information are prohibited. In New York, most employers are prohibited from requiring fingerprinting as a condition of securing or continuing employment. While in California, employers are prohibited from sharing biometric data with third parties.
Even if your state does not regulate biometric information, you should be prepared because state legislatures are very active in this area. In 2017 alone, new legislation regulating biometrics was proposed in Alaska, New Hampshire, Connecticut, and Washington. Much of this legislation mirrored the statutes in effect in Illinois and Texas.
Federal Employment Laws are Implicated
Employers also must be cautious when implementing technology that utilizes biometric information because federal employment statutes may be implicated. Consider EEOC v. Consol Energy, Inc., where the EEOC brought a religious discrimination claim against an employer who implemented hand-scanning technology. There, the EEOC prevailed on behalf an employee who was declined accommodation for his religious belief that the hand-scanner used to clock in and clock out would provide information that could be used by the “Antichrist” to identify those with the “Mark of the Beast.”
In other instances, because eye, hand, or fingerprint scans potentially give medical information to the employer that alone, or through further analysis, could provide an employer information that they might otherwise not know, the use of biometric identifiers could bring ADA or GINA claims. For example, eye scans could reveal undisclosed eye disorders and diseases, finger print scans might reveal burns or tissue disorders, and hand-scans could reveal arthritis, scar tissue, or temperature distribution issues. As a result, employers implementing these programs must be careful to narrowly tailor their programs so that the information does not impact participation in benefit programs or that it does not otherwise lead to discrimination based on a disability.
The Bottom Line
Employers should be thoughtful and diligent when deciding to implement technology utilizing biometric identifiers as liability lurks for employers under both state and federal laws. Ultimately, employers should:
1. Carefully evaluate the decision to implement biometric verification technology and consult with legal counsel to better understand their obligations under state and federal law.
2. Develop a written policy and obtain written consent from employees when deciding to implement this technology.
3. Narrowly tailor what information is captured, how the information is stored, and who the information is shared with.
If you have any questions or would like more information, please contact William Collins at [email protected].